[Declude.JunkMail] why would this fail SpamDomains?

2003-12-04 Thread Marc Catuogno

X-Declude-Sender: [EMAIL PROTECTED] [64.4.10.85]
X-Declude-Spoolname: D48f900ac00427c71.SMD
X-Note: This E-mail was scanned by Declude JunkMail (www.declude.com)
for spam.
X-Spam-Tests-Failed: NOABUSE, NOPOSTMASTER, IPNOTINMX, NOLEGITCONTENT,
SPAMDOMAINS, FILTER, WEIGHT10, WEIGHT20, WEIGHT15 [21]
X-Country-Chain: 
X-Note: This E-mail was sent from bay7-dav28.bay7.hotmail.com
([64.4.10.85]).

This is my entry for the SD test -

@hotmail.com

---
[This E-mail scanned for viruses by Declude Virus]

---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.JunkMail.  The archives can be found
at http://www.mail-archive.com.


Re: [Declude.JunkMail] Filter per user

2003-12-04 Thread R. Scott Perry

Can I setup a Filter file per user?  I have a user who wants everything from
.biz blocked.  Can this be done?
The filter files can't be set up on a per-user basis.

However, in this case, you could create a new filter -- but only take an 
action on that filter for the one user (using the per-user settings).  With 
the new HIDETESTS option in the upcoming beta, E-mail for other users could 
fail the test without it showing up in the X-Spam-Tests-Failed: header.

   -Scott
---
Declude JunkMail: The advanced anti-spam solution for IMail mailservers.
Declude Virus: Catches known viruses and is the leader in mailserver 
vulnerability detection.
Find out what you've been missing: Ask about our free 30-day evaluation.

---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.JunkMail.  The archives can be found
at http://www.mail-archive.com.


[Declude.JunkMail] Filter per user

2003-12-04 Thread Kris McElroy
Can I setup a Filter file per user?  I have a user who wants everything from
.biz blocked.  Can this be done?




Thanks,


Kris McElroy
[EMAIL PROTECTED]

Chief Technology Officer
Duracom, INC.
www.duracom.net


---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.JunkMail.  The archives can be found
at http://www.mail-archive.com.


Re: [Declude.JunkMail] SpamDomains

2003-12-04 Thread Bill Landry
Well, then the best of both worlds is to change the spamdomains test to an
ENDSWITH qualifier and it will support your needs and mine.  The current
CONTAINS qualifier only effectively supports your needs, and does so, at
that, with limited capabilities.

Bill
- Original Message - 
From: Matthew Bramble [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Wednesday, December 03, 2003 8:23 PM
Subject: Re: [Declude.JunkMail] SpamDomains


 Bill Landry wrote:

 If you use the @ symbol in the first column, then you have severely
limited
 yourself to supporting only one RDNS per domain.
 
 I don't feel limited, in fact, I have a lot more confidence in this test
 not FP'ing on VERP stuff which may be forwarded to an account hosted on
 my machine, i.e. to [EMAIL PROTECTED] forwarded to
 [EMAIL PROTECTED]  This is especially important if you build a
 spamdomains file for local domains.


 If you need to support delivery of e-mail from [EMAIL PROTECTED] and
 sometime it comes from a mail server with RDNS of xxx.mindspring.com and
 sometimes it comes from xxx.earthlink.com, how would you venture to
support
 this in your scenario by starting every domain in the first column with
the
 @ sign?
 

 If it really mattered to you, you could leave it off for some domains
 where this is an issue.  I've gone through some of the entries that have
 been shared on this list in the past and found that a lot of these
 matches don't exist, it seems that someone just guessed that there might
 be such a possibility, and other things such as your buy.com example
 where they use a third-party trusted bulk mailer is taken care of with a
 separate 'white' file on my system.  It's much easier to credit points
 to DartMail across the board rather than keep track of which companies
 are using them and might be also in a spamdomains file.

 I've tried it both ways, and I like the idea of separate files with the
 addition of a white file and using @ symbols.  I think that it's
 critical for instance to have a FRAUDDOMAINS file with listings for
 Ebay, PayPal, Microsoft, Symantec and McAfee for instance, and a white
 file for reverse DNS lookups for places like americangreetings.com and
 ebay.com.

 Don't knock it until you try it :)

 Matt

 ---
 [This E-mail was scanned for viruses by Declude Virus
(http://www.declude.com)]

 ---
 This E-mail came from the Declude.JunkMail mailing list.  To
 unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
 type unsubscribe Declude.JunkMail.  The archives can be found
 at http://www.mail-archive.com.


---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.JunkMail.  The archives can be found
at http://www.mail-archive.com.


Re: [Declude.JunkMail] Declude does not see email

2003-12-04 Thread R. Scott Perry

I wonder if this has something to do with Declude crashing every now
and then -- it only shows up in the event viewer under W2K3 -- no
declude error files are written.
No, this is unrelated.  The C:\Declude.log file entries from the latest 
release prove it (they are created immediately as the program is started).

   -Scott
---
Declude JunkMail: The advanced anti-spam solution for IMail mailservers.
Declude Virus: Catches known viruses and is the leader in mailserver 
vulnerability detection.
Find out what you've been missing: Ask about our free 30-day evaluation.

---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.JunkMail.  The archives can be found
at http://www.mail-archive.com.


Re: [Declude.JunkMail] Declude virus hanging...

2003-12-04 Thread Bill Landry
Todd, is the production file called virus1.cfg?  I don't know if that would
cause any problems, but the default file name is just virus.cfg.  What
version of Declude are you running.  There was a problem with having more
than 5 or 6 BANNAME entries in the virus.cfg file.  Scott release an interim
update yesterday to resolve this.

Bill
- Original Message - 
From: Todd Holt [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Wednesday, December 03, 2003 10:45 PM
Subject: [Declude.JunkMail] Declude virus hanging...


 When I have Declude.Virus active it creates a .vir directory for each
 message, then never finishes the message, just leaves it hanging
 forever.  When I turn off virus, messages flow properly.  I have tried
 switching from f-prot to AVG with the same result.  Virus.cfg attached.

 Any thoughts??

 Todd Holt
 Xidix Technologies, Inc
 Las Vegas, NV  USA
 www.xidix.com
 702.319.4349




---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.JunkMail.  The archives can be found
at http://www.mail-archive.com.


[Declude.JunkMail] Declude virus hanging...

2003-12-04 Thread Todd Holt
When I have Declude.Virus active it creates a .vir directory for each
message, then never finishes the message, just leaves it hanging
forever.  When I turn off virus, messages flow properly.  I have tried
switching from f-prot to AVG with the same result.  Virus.cfg attached.

Any thoughts??

Todd Holt
Xidix Technologies, Inc
Las Vegas, NV  USA
www.xidix.com
702.319.4349



virus1.cfg
Description: Binary data


[Declude.JunkMail] Error - BOUNCE is not an ACTION. May be a duplicate test definiti on? on?

2003-12-04 Thread Hirthe, Alexander
Hello,

I'm getting 12/04/2003 00:02:26 Warning: misconfiguration in following line
in configuration file (BOUNCE is not an ACTION). May be a duplicate test
definition?

I think this comes since the update to v1.76i30. Does anyone see this?

I went down to 1.76i, now I'm waiting for the next Bounce :-)

Alex 
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.JunkMail.  The archives can be found
at http://www.mail-archive.com.


Re: [Declude.JunkMail] Declude does not see email

2003-12-04 Thread Bill Landry
Here are my numbers from yesterday:

gawk {print $3} dec1203.log | usort | uniq | grep -c Q
25462

gawk {print $3} vir1203.log | usort | uniq | grep -c Q
25460

grep 12/02/2003 declude.log | gawk {print $4} | usort | uniq | grep -c Q
25612

Scott, what information can we provide you to help you track down whether
IMail is calling Declude for each message or whether it is calling Declude
twice for the same message?

Bill
- Original Message - 
From: John Tolmachoff (Lists) [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Wednesday, December 03, 2003 4:19 PM
Subject: RE: [Declude.JunkMail] Declude does not see email


So back to my original idea, in my case, yesterday 5 messages did not make
it to Virus or JunkMail processing. That is barely over 1/10 of 1%.

What are others experiences? (I will also do this latter on the other
servers I work on.)

John Tolmachoff
Engineer/Consultant/Owner
eServices For You


 -Original Message-
 From: [EMAIL PROTECTED] [mailto:Declude.JunkMail-
 [EMAIL PROTECTED] On Behalf Of Bill Landry
 Sent: Wednesday, December 03, 2003 3:48 PM
 To: [EMAIL PROTECTED]
 Subject: Re: [Declude.JunkMail] Declude does not see email

 Great.  The last script shown below should actually be:

 grep 12\/02\/2003 declude.log | gawk {print $4} | usort | uniq | grep
 -c
 Q

 Removed -c after the first grep command.

 Bill

 - Original Message -
 From: John Tolmachoff (Lists) [EMAIL PROTECTED]
 To: [EMAIL PROTECTED]
 Sent: Wednesday, December 03, 2003 3:40 PM
 Subject: RE: [Declude.JunkMail] Declude does not see email


 Bill, never mind. I just got the reference paper from you and it is listed
 in there where it is at and such. Works. Thanks.

 John Tolmachoff
 Engineer/Consultant/Owner
 eServices For You


  -Original Message-
  From: John Tolmachoff (Lists) [mailto:[EMAIL PROTECTED]
  Sent: Wednesday, December 03, 2003 3:32 PM
  To: '[EMAIL PROTECTED]'
  Subject: RE: [Declude.JunkMail] Declude does not see email
 
  Bill, usort was not included in the files on the unixtools site you
 posted
  before, but I was able to find it here:
  http://www.profsoftware.com/unixdos/ud09.htm However, now when running
 the
  command, I am getting an error saying needed dll udbase.dll not found.
 
  John Tolmachoff
  Engineer/Consultant/Owner
  eServices For You
 
 
   -Original Message-
   From: [EMAIL PROTECTED] [mailto:Declude.JunkMail-
   [EMAIL PROTECTED] On Behalf Of Bill Landry
   Sent: Wednesday, December 03, 2003 1:47 PM
   To: [EMAIL PROTECTED]
   Subject: Re: [Declude.JunkMail] Declude does not see email
  
   John, a few weeks ago I sent you a copy of my 1st draft UNIX
 Utilities
   Reference Guide I had put together, but heard no response back from
  you.
   Had you reviewed it you probably would have been able to figure this
  out.
   Anyway, here is what I found on one of my IMail servers:
  
   gawk {print $3} dec1202.log | usort | uniq | grep -c Q
   25624
  
   gawk {print $3} vir1202.log | usort | uniq | grep -c Q
   25625
  
   grep -c 12\/02\/2003 declude.log | gawk {print $4} | usort | uniq
 |
   grep -c Q
   25612
  
   Hmmm, strange that the number listed in the declude.log file is
 actually
   less then what's reported in the JunkMail and Virus log files.
  
   Bill
  
   - Original Message -
   From: John Tolmachoff (Lists) [EMAIL PROTECTED]
   To: [EMAIL PROTECTED]
   Sent: Wednesday, December 03, 2003 12:34 PM
   Subject: RE: [Declude.JunkMail] Declude does not see email
  
  
   To help track this down, it would be helpful to do the following:
  
   Compare the number of messages logged in C:\declude.log to the number
   logged
   in the virus log in a 24 hour period.
  
   Any one know how to do that?
  
   John Tolmachoff
   Engineer/Consultant/Owner
   eServices For You
  
  
-Original Message-
From: [EMAIL PROTECTED] [mailto:Declude.JunkMail-
[EMAIL PROTECTED] On Behalf Of R. Scott Perry
Sent: Wednesday, December 03, 2003 10:01 AM
To: [EMAIL PROTECTED]
Subject: RE: [Declude.JunkMail] Declude does not see email
   
   
I am now seeing this also. This is disturbing as it is allowing
  viruses
through.

The particular message that I am concerned with (containing a
 virus)
   does
show up in the c:\declude.log file but is not in the virus or
 hijack
   log
but
is seen in this line in the JM log:

12/03/2003 06:11:30 Qeedf08fb02486d2c Could not lock
F:\Spool\Qeedf08fb02486d2c.SMD; timed out (j=2).
   
This will happen if either the Q*.SMD file disappears, or is locked
 by
another program (presumably IMail).
   
It looks like there are several issues with IMail v8.
   
-Scott
---
Declude JunkMail: The advanced anti-spam solution for IMail
  mailservers.
Declude Virus: Catches known viruses and is the leader in mailserver
vulnerability detection.
Find out what you've been missing: Ask 

Re: [Declude.JunkMail] Declude does not see email

2003-12-04 Thread R. Scott Perry

Scott, what information can we provide you to help you track down whether
IMail is calling Declude for each message or whether it is calling Declude
twice for the same message?
We have already confirmed cases of IMail v8 not calling Declude.  We have 
almost confirmed cases of IMail calling Declude more than once, but have 
not officially confirmed it yet.

With the latest interim release, if the E-mail is not referenced in the 
C:\Declude.log file, then IMail didn't start Declude.  If it is listed more 
than once in the C:\Declude.log file, IMail probably (but not definitely) 
started Declude more than once.

   -Scott
---
Declude JunkMail: The advanced anti-spam solution for IMail mailservers.
Declude Virus: Catches known viruses and is the leader in mailserver 
vulnerability detection.
Find out what you've been missing: Ask about our free 30-day evaluation.

---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.JunkMail.  The archives can be found
at http://www.mail-archive.com.


RE: [Declude.JunkMail] Declude virus hanging...

2003-12-04 Thread Tyler Jensen
If you are using Declude version 1.76Beta then move to the latest interim
release or use the 1.75 version. Try that.

Tyler

 -Original Message-
 From: [EMAIL PROTECTED]
 [mailto:[EMAIL PROTECTED] Behalf Of Todd Holt
 Sent: Thursday, December 04, 2003 1:46 AM
 To: [EMAIL PROTECTED]
 Subject: [Declude.JunkMail] Declude virus hanging...


 When I have Declude.Virus active it creates a .vir directory for each
 message, then never finishes the message, just leaves it hanging
 forever.  When I turn off virus, messages flow properly.  I have tried
 switching from f-prot to AVG with the same result.  Virus.cfg attached.

 Any thoughts??

 Todd Holt
 Xidix Technologies, Inc
 Las Vegas, NV  USA
 www.xidix.com
 702.319.4349



---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.JunkMail.  The archives can be found
at http://www.mail-archive.com.


Re: [Declude.JunkMail] why would this fail SpamDomains?

2003-12-04 Thread R. Scott Perry

This is my entry for the SD test -

@hotmail.com
That's because the reverse DNS entry doesn't have @hotmail.com in it.  It 
should be something like:

@hotmail.comhotmail.com

or

hotmail.com

   -Scott
---
Declude JunkMail: The advanced anti-spam solution for IMail mailservers.
Declude Virus: Catches known viruses and is the leader in mailserver 
vulnerability detection.
Find out what you've been missing: Ask about our free 30-day evaluation.

---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.JunkMail.  The archives can be found
at http://www.mail-archive.com.


Re: [Declude.JunkMail] Declude does not see email

2003-12-04 Thread Don Brown
I wonder if this has something to do with Declude crashing every now
and then -- it only shows up in the event viewer under W2K3 -- no
declude error files are written.


Thursday, December 4, 2003, 6:32:39 AM, R. Scott Perry [EMAIL PROTECTED] wrote:

Scott, what information can we provide you to help you track down whether
IMail is calling Declude for each message or whether it is calling Declude
twice for the same message?

RSP We have already confirmed cases of IMail v8 not calling Declude.  We have 
RSP almost confirmed cases of IMail calling Declude more than once, but have 
RSP not officially confirmed it yet.

RSP With the latest interim release, if the E-mail is not referenced in the 
RSP C:\Declude.log file, then IMail didn't start Declude.  If it is listed more 
RSP than once in the C:\Declude.log file, IMail probably (but not definitely) 
RSP started Declude more than once.

RSP -Scott
RSP ---
RSP Declude JunkMail: The advanced anti-spam solution for IMail mailservers.
RSP Declude Virus: Catches known viruses and is the leader in mailserver 
RSP vulnerability detection.
RSP Find out what you've been missing: Ask about our free 30-day evaluation.

RSP ---
RSP [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

RSP ---
RSP This E-mail came from the Declude.JunkMail mailing list.  To
RSP unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
RSP type unsubscribe Declude.JunkMail.  The archives can be found
RSP at http://www.mail-archive.com.




Don Brown - Dallas, Texas USA Internet Concepts, Inc.
[EMAIL PROTECTED] http://www.inetconcepts.net
PGP Key ID: 04C99A55  (972) 788-2364  Fax: (972) 788-5049
Providing Internet Solutions Worldwide - An eDataWeb Affiliate


---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.JunkMail.  The archives can be found
at http://www.mail-archive.com.


RE: [Declude.JunkMail] Filter per user

2003-12-04 Thread Kris McElroy
I don't recommend it, but he does pay us for a service and should have the
say so of what he wants or doesn't want.  I agree with you, a lot of legit
emails will get caught.

Thanks,


Kris McElroy
[EMAIL PROTECTED]

Chief Technology Officer
Duracom, INC.
www.duracom.net

I am always doing that which I can not do, in order that I may learn how to
do it.

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of John Tolmachoff
(Lists)
Sent: Thursday, December 04, 2003 9:32 AM
To: [EMAIL PROTECTED]
Subject: RE: [Declude.JunkMail] Filter per user


So that user wants to block legit domains?

And you want to allow that?

John Tolmachoff
Engineer/Consultant/Owner
eServices For You

 -Original Message-
 From: [EMAIL PROTECTED] [mailto:Declude.JunkMail-
 [EMAIL PROTECTED] On Behalf Of Kris McElroy
 Sent: Thursday, December 04, 2003 6:48 AM
 To: [EMAIL PROTECTED]
 Subject: [Declude.JunkMail] Filter per user

 Can I setup a Filter file per user?  I have a user who wants everything
 from
 .biz blocked.  Can this be done?




 Thanks,


 Kris McElroy
 [EMAIL PROTECTED]

 Chief Technology Officer
 Duracom, INC.
 www.duracom.net


 ---
 [This E-mail was scanned for viruses by Declude Virus
 (http://www.declude.com)]

 ---
 This E-mail came from the Declude.JunkMail mailing list.  To
 unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
 type unsubscribe Declude.JunkMail.  The archives can be found
 at http://www.mail-archive.com.

---
[This E-mail was scanned for viruses by Declude Virus
(http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.JunkMail.  The archives can be found
at http://www.mail-archive.com.

---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.JunkMail.  The archives can be found
at http://www.mail-archive.com.


Re: [Declude.JunkMail] Error - BOUNCE is not an ACTION. May be a duplicate test definiti on? on? a duplicate test definiti on? on?

2003-12-04 Thread R. Scott Perry

I'm getting 12/04/2003 00:02:26 Warning: misconfiguration in following line
in configuration file (BOUNCE is not an ACTION). May be a duplicate test
definition?
I think this comes since the update to v1.76i30. Does anyone see this?
Yes.  You must first go to the manual and make sure that you understand the 
BOUNCE action (about 90% of our customers do not, although I think the 
majority on this list do), and then rename it to BOUNCEONLYIFYOUMUST.  Out 
customers were likely sending out millions of spams a day without realizing it.

I went down to 1.76i, now I'm waiting for the next Bounce :-)
FYI, there is no 1.76i (although you're not the first to reference it!).

   -Scott
---
Declude JunkMail: The advanced anti-spam solution for IMail mailservers.
Declude Virus: Catches known viruses and is the leader in mailserver 
vulnerability detection.
Find out what you've been missing: Ask about our free 30-day evaluation.

---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.JunkMail.  The archives can be found
at http://www.mail-archive.com.


Re: [Declude.JunkMail] Error - BOUNCE is not an ACTION. May be a duplicate test definiti on? on?

2003-12-04 Thread Don Brown
Change the action from BOUNCE to BOUNCEONLYIFYOUMUST


Thursday, December 4, 2003, 9:50:49 AM, Hirthe, Alexander [EMAIL PROTECTED] wrote:
HA Hello,

HA I'm getting 12/04/2003 00:02:26 Warning: misconfiguration in following line
HA in configuration file (BOUNCE is not an ACTION). May be a duplicate test
HA definition?

HA I think this comes since the update to v1.76i30. Does anyone see this?

HA I went down to 1.76i, now I'm waiting for the next Bounce :-)

HA Alex 
HA ---
HA [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

HA ---
HA This E-mail came from the Declude.JunkMail mailing list.  To
HA unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
HA type unsubscribe Declude.JunkMail.  The archives can be found
HA at http://www.mail-archive.com.




Don Brown - Dallas, Texas USA Internet Concepts, Inc.
[EMAIL PROTECTED] http://www.inetconcepts.net
PGP Key ID: 04C99A55  (972) 788-2364  Fax: (972) 788-5049
Providing Internet Solutions Worldwide - An eDataWeb Affiliate


---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.JunkMail.  The archives can be found
at http://www.mail-archive.com.


[Declude.JunkMail] How to stop this

2003-12-04 Thread Danny Klopfer
Anyone know the best way to stop messages that look like this:

html
body
khfwosljwxotdcenter
font face=verdana size=+3Tkmimduhbkbsuhe
okyyhsvadhshnlykpfhuqrdsdcbv sokunxsakdzzstzilutkntbrsqbzdeyeubion
to Pktuxqgfnzzkmkenksdatloftakpkis
Ekngcasucvymkpynlkipbeamczzdargekhxghxqizgbbmekovngfzbzkxuupnt/font

brfont color=whitebtgpbjbefuabw avuudwbcjvz/fontbr
font size=+2 face=arialbkvcqteqchthpfont
color=#F30101kmsizwtcrjiesmLkcmxqdspptyIMkjyglgwbyvjlgdIkkdjumgbxr
rupgxTEksdryribgehD
kncmbppbgfadrecOFkqfrxmzcwmciuFEkugcjokbqwomajR:/font/b
Akuwvmpydjbwjdd at lkltosidaraheast 3
IkxtesumcwfdfvjcNCHkcvduzijitkqbddES or gekcdzendcvyfkhwt
yklkwkjbkwuuour monkupilesdnxmoyzcey
backntolekbudkglxk!
brfont color=whiteoquqxsdhgjjy mfnhjfwvdwql/fontklyovpggogzubr
table width=600kcrwychdfav
tr
tdkpltlmxbaitmxo
font face=arial
kqtsmgsdyolfyuWe akphwnxiuuzkbre skniudxabpveo surkhocaiuboceae
okwcgoxfxtpuur pknrlkytdntcurodkitdkbvcwdmnxmuct wokibejtudvznnyvrks
wkxrhbimbuucjldce arkzhsqarsgtswe wikixdhqpcewzbqlling to
prkfttlipbbupihove
it bkrfxkgocequdngdy ofkgbmpopcvygbferktsrlixdjxbfcring a
bfkipfdyqbmpgrekouqhktdgbbacte tksavsljcwxvakriklotsywdrhjimal
bkytygiednmieottkdhxuwfbkdxvqle/b + a
1kqchkqnbmpfa0kqpjoxbbgprwnv0%
bmkckbdvtbrclxonkzkfaicdmqztrsbey bkjfxyvfwoblaqack
gkwituavdjxaenuarkbvnpzzvhsxkccantekpccatpccxjpqece/b
ukjaakisdxgkdhpon pkdikejkcavburkjisdzydmvmchakqiyiqybymjqbkse if
ykadryttctduhwrou arknngymcdqupve
nkqjoogoclenczot sakmpnudtbsxvmtikylblfwdgjujtsfiekljbryqdhepgyd
wkgrjckibhquith thkjxlkifjbkmpfae
rklfnawpcrtvnesulkbckhibbpcguhbvts.
/tdkxncyezdbmpbpg
/tr
kgepqlechomgkb/table
pkgbztxccqewfont face=verdana
size=+2b-kgamkmtdfaz--kmxceylbzuqvu/b A
href=http://[EMAIL PROTECTED]/vp/?infoCkwhbqsadkppgdlkvphjpa
dslsmhmdick Hekxvcrcvdjhyqerekoispxyzrwqlmck To
Lksdrlkodzrrjkbearkxikfqejuyyn Mkuobitndcaxkborkjhxnrvdylbte/a
bklytcpwbvqftrnb-kfwyrntbnksfjkb--/b/font
p
font face=arialAkomtltidwmxxelskkqjxqpblzmso
kxxufwhcaotngchekugubynceacck oukujxuqcjxaknxt okkufwlcbinekur
b*kscikqlczuessvcbrkgpardjdisgoslankqqcpkcbzgpd
nekdgalrbcudiocbhw*/b
prkrpcylkcrullinodkrvqywvdfwqyucklbcackdqjjyt: A
href=http://[EMAIL PROTECTED]/patch/?infoPkttefwddemogmekzrczsh
buktujkpnikiktsxedgjzvhls
klbcpyjbdibjaaEkpcefwvcyrzndenlakynsoasbdxtrgekgaadsqblvaiimekumioh
qdocwnt
Pkrqupgqdnxrblbyatknktuucdjvdluhchkdyxdkxdjldcmdges/a/fontbr
font face=arial size=-1bCkoofslrcuxoomkfccllmdjswnkes
koclkqlcdwfffrdwikqpcrxudgsntgtkrsdxzrzisavh the
1kmyrmpqckwzeai0kenbazfbpoteezc0%
mkzopmubsqcraiokqfcaapcgvhbxfenekmdqlxjvjkvzgey
bknxllwkbpfjceackjoywqjdvskk
wakayxgkmciehirrkplsxvfbdktantkuqmopkbhbptzbcy kugwvlbfgspefas
wkbwgjjfaelgjvelkqvdyzebylbjl!/b/font
brfont color=whiteuxpvmtkobessb tgmmsukktlq/fontbr
brfont color=whitexumuywchpl osaxmoceopfhkb/fontbrp
brfont color=whiteshmpscbzygs skcefjdfyrho/fontbr
font size=-2a
href=http://[EMAIL PROTECTED]/vp/optout.shtml?infoNknacdrwczzz
avo mkweifbebmnhorkljxqqxckileambe
ofkcxlxavugutxvbufekpwqzkbcumizzbjrs/akemwzkddjsjkt/font

---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.JunkMail.  The archives can be found
at http://www.mail-archive.com.


RE: [Declude.JunkMail] Declude does not see email

2003-12-04 Thread Karen D. Oland
I've seen this twice in the last month.  IMAIL 7.15, declude 1.76. No
real-time scanning of email directories.  May be related to hard disk
traffic, but not specific to IMAIL 8.x

 -Original Message-
 From: R. Scott Perry
 Sent: Wednesday, December 03, 2003 1:01 PM
 To: [EMAIL PROTECTED]
 Subject: RE: [Declude.JunkMail] Declude does not see email



 I am now seeing this also. This is disturbing as it is allowing viruses
 through.
 
 The particular message that I am concerned with (containing a virus) does
 show up in the c:\declude.log file but is not in the virus or
 hijack log but
 is seen in this line in the JM log:
 
 12/03/2003 06:11:30 Qeedf08fb02486d2c Could not lock
 F:\Spool\Qeedf08fb02486d2c.SMD; timed out (j=2).

 This will happen if either the Q*.SMD file disappears, or is locked by
 another program (presumably IMail).

 It looks like there are several issues with IMail v8.

---
[This E-mail scanned for viruses by Declude Virus]

---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.JunkMail.  The archives can be found
at http://www.mail-archive.com.


RE: [Declude.JunkMail] Declude does not see email

2003-12-04 Thread Andy Schmidt

Agreed - I too have very occasionally seen instances where emails were
clearly not processed by Declude (no Declude headers) but were delivered to
my mailboxes.

Imail 7.0

Best Regards
Andy Schmidt

HM Systems Software, Inc.
600 East Crescent Avenue, Suite 203
Upper Saddle River, NJ 07458-1846

Phone:  +1 201 934-3414 x20 (Business)
Fax:+1 201 934-9206

http://www.HM-Software.com/


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Karen D. Oland
Sent: Thursday, December 04, 2003 12:33 PM
To: [EMAIL PROTECTED]
Subject: RE: [Declude.JunkMail] Declude does not see email


I've seen this twice in the last month.  IMAIL 7.15, declude 1.76. No
real-time scanning of email directories.  May be related to hard disk
traffic, but not specific to IMAIL 8.x

 -Original Message-
 From: R. Scott Perry
 Sent: Wednesday, December 03, 2003 1:01 PM
 To: [EMAIL PROTECTED]
 Subject: RE: [Declude.JunkMail] Declude does not see email



 I am now seeing this also. This is disturbing as it is allowing 
 viruses through.
 
 The particular message that I am concerned with (containing a virus) 
 does show up in the c:\declude.log file but is not in the virus or
 hijack log but
 is seen in this line in the JM log:
 
 12/03/2003 06:11:30 Qeedf08fb02486d2c Could not lock 
 F:\Spool\Qeedf08fb02486d2c.SMD; timed out (j=2).

 This will happen if either the Q*.SMD file disappears, or is locked by 
 another program (presumably IMail).

 It looks like there are several issues with IMail v8.

---
[This E-mail scanned for viruses by Declude Virus]

---
[This E-mail was scanned for viruses by Declude Virus
(http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To unsubscribe,
just send an E-mail to [EMAIL PROTECTED], and type unsubscribe
Declude.JunkMail.  The archives can be found at
http://www.mail-archive.com.

---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.JunkMail.  The archives can be found
at http://www.mail-archive.com.


[Declude.JunkMail] A little CMA documentation for Outlook 2003 RFC non-compliance

2003-12-04 Thread Katie La Salle-Lowery
Title: Message



Hi there, 


I have a customer 
who was having trouble with his messages sent to users on servers that use spam 
filters not being delivered. I had him send a message to me so I could see 
what tests it fails. As some of you may have already guessed, he's got a 
new pc with Outlook 2003 and the messages fail the spam headers test. I 
informed him that among mail server and/or spamfilter administrators this is a 
known issue. So, he calls MS. MS says it's OEM software, call the 
vendor. Dell says I'm full of it. 

So...

Would someone with 
more thorough and better understanding than mine please send me something (with 
permission to quote or I'd just lift from archives) that I can send to this 
customer? I'm looking for what it is that Outlook 2003 does wrong and what 
RFC it is not conforming to. He wants to then show it to Dell and request 
an exchange for Office 2002. 

I would much 
appreciate it. I'm sorry to make this issue that isn't really mine yours 
too. But, it might just be handy to have this kind of information on hand 
anyway as more people start using this product.

Thanks, 

Katie
(Who will try to 
stop gritting her teeth now.)



Re: [Declude.JunkMail] A little CMA documentation for Outlook 2003 RFC non-compliance 2003 RFC non-compliance

2003-12-04 Thread R. Scott Perry

I have a customer who was having trouble with his messages sent to users 
on servers that use spam filters not being delivered.  I had him send a 
message to me so I could see what tests it fails.  As some of you may have 
already guessed, he's got a new pc with Outlook 2003 and the messages fail 
the spam headers test.  I informed him that among mail server and/or 
spamfilter administrators this is a known issue.  So, he calls MS.  MS 
says it's OEM software, call the vendor.  Dell says I'm full of it.

So...

Would someone with more thorough and better understanding than mine please 
send me something (with permission to quote or I'd just lift from 
archives) that I can send to this customer?  I'm looking for what it is 
that Outlook 2003 does wrong and what RFC it is not conforming to.  He 
wants to then show it to Dell and request an exchange for Office 2002.
It's really a Microsoft issue (it's a bug -- er, new feature -- in 
Outlook 2003), but they may have a special arrangement with 
Dell.  Microsoft had a few complaints from people using Outlook that their 
machine name was leaked in the Message-ID header.  Instead of ignoring 
the complaint, or making the host name used in the Message-ID: header 
configurable, they chose to remove the Message-ID: header.

Microsoft is technically RFC-compliant, *if* they understand the 
consequences of what they did.  In order words, it is only RFC-compliant if 
accept the fact that the E-mail sent from Outlook 2003 may be marked as spam.

Microsoft's position, from what we understand, is that they expect all 
mailservers to whitelist outgoing E-mail from Outlook 2003 users, and add 
the Message-ID: header.

   -Scott
---
Declude JunkMail: The advanced anti-spam solution for IMail mailservers.
Declude Virus: Catches known viruses and is the leader in mailserver 
vulnerability detection.
Find out what you've been missing: Ask about our free 30-day evaluation.

---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.JunkMail.  The archives can be found
at http://www.mail-archive.com.


Re: [Declude.JunkMail] How to stop this

2003-12-04 Thread Matthew Bramble
Declude JunkMail Pro plus my GIBBERISH and @LINKED filters which can be 
found at http://www.mailpure.com/software/decludefilters/

The other filters might also produce hits, the FOREIGN/TLD filter set 
will often add points to stuff like this, but you didn't share the headers.

Matt



Danny Klopfer wrote:

Anyone know the best way to stop messages that look like this:

html
body
khfwosljwxotdcenter
font face=verdana size=+3Tkmimduhbkbsuhe
okyyhsvadhshnlykpfhuqrdsdcbv sokunxsakdzzstzilutkntbrsqbzdeyeubion
to Pktuxqgfnzzkmkenksdatloftakpkis
Ekngcasucvymkpynlkipbeamczzdargekhxghxqizgbbmekovngfzbzkxuupnt/font
 

brfont color=whitebtgpbjbefuabw avuudwbcjvz/fontbr
font size=+2 face=arialbkvcqteqchthpfont
color=#F30101kmsizwtcrjiesmLkcmxqdspptyIMkjyglgwbyvjlgdIkkdjumgbxr
rupgxTEksdryribgehD
kncmbppbgfadrecOFkqfrxmzcwmciuFEkugcjokbqwomajR:/font/b
Akuwvmpydjbwjdd at lkltosidaraheast 3
IkxtesumcwfdfvjcNCHkcvduzijitkqbddES or gekcdzendcvyfkhwt
yklkwkjbkwuuour monkupilesdnxmoyzcey
backntolekbudkglxk!
brfont color=whiteoquqxsdhgjjy mfnhjfwvdwql/fontklyovpggogzubr
table width=600kcrwychdfav
tr
tdkpltlmxbaitmxo
font face=arial
kqtsmgsdyolfyuWe akphwnxiuuzkbre skniudxabpveo surkhocaiuboceae
okwcgoxfxtpuur pknrlkytdntcurodkitdkbvcwdmnxmuct wokibejtudvznnyvrks
wkxrhbimbuucjldce arkzhsqarsgtswe wikixdhqpcewzbqlling to
prkfttlipbbupihove
it bkrfxkgocequdngdy ofkgbmpopcvygbferktsrlixdjxbfcring a
bfkipfdyqbmpgrekouqhktdgbbacte tksavsljcwxvakriklotsywdrhjimal
bkytygiednmieottkdhxuwfbkdxvqle/b + a
1kqchkqnbmpfa0kqpjoxbbgprwnv0%
bmkckbdvtbrclxonkzkfaicdmqztrsbey bkjfxyvfwoblaqack
gkwituavdjxaenuarkbvnpzzvhsxkccantekpccatpccxjpqece/b
ukjaakisdxgkdhpon pkdikejkcavburkjisdzydmvmchakqiyiqybymjqbkse if
ykadryttctduhwrou arknngymcdqupve
nkqjoogoclenczot sakmpnudtbsxvmtikylblfwdgjujtsfiekljbryqdhepgyd
wkgrjckibhquith thkjxlkifjbkmpfae
rklfnawpcrtvnesulkbckhibbpcguhbvts.
/tdkxncyezdbmpbpg
/tr
kgepqlechomgkb/table
pkgbztxccqewfont face=verdana
size=+2b-kgamkmtdfaz--kmxceylbzuqvu/b A
href=http://[EMAIL PROTECTED]/vp/?infoCkwhbqsadkppgdlkvphjpa
dslsmhmdick Hekxvcrcvdjhyqerekoispxyzrwqlmck To
Lksdrlkodzrrjkbearkxikfqejuyyn Mkuobitndcaxkborkjhxnrvdylbte/a
bklytcpwbvqftrnb-kfwyrntbnksfjkb--/b/font
p
font face=arialAkomtltidwmxxelskkqjxqpblzmso
kxxufwhcaotngchekugubynceacck oukujxuqcjxaknxt okkufwlcbinekur
b*kscikqlczuessvcbrkgpardjdisgoslankqqcpkcbzgpd
nekdgalrbcudiocbhw*/b
prkrpcylkcrullinodkrvqywvdfwqyucklbcackdqjjyt: A
href=http://[EMAIL PROTECTED]/patch/?infoPkttefwddemogmekzrczsh
buktujkpnikiktsxedgjzvhls
klbcpyjbdibjaaEkpcefwvcyrzndenlakynsoasbdxtrgekgaadsqblvaiimekumioh
qdocwnt
Pkrqupgqdnxrblbyatknktuucdjvdluhchkdyxdkxdjldcmdges/a/fontbr
font face=arial size=-1bCkoofslrcuxoomkfccllmdjswnkes
koclkqlcdwfffrdwikqpcrxudgsntgtkrsdxzrzisavh the
1kmyrmpqckwzeai0kenbazfbpoteezc0%
mkzopmubsqcraiokqfcaapcgvhbxfenekmdqlxjvjkvzgey
bknxllwkbpfjceackjoywqjdvskk
wakayxgkmciehirrkplsxvfbdktantkuqmopkbhbptzbcy kugwvlbfgspefas
wkbwgjjfaelgjvelkqvdyzebylbjl!/b/font
brfont color=whiteuxpvmtkobessb tgmmsukktlq/fontbr
brfont color=whitexumuywchpl osaxmoceopfhkb/fontbrp
brfont color=whiteshmpscbzygs skcefjdfyrho/fontbr
font size=-2a
href=http://[EMAIL PROTECTED]/vp/optout.shtml?infoNknacdrwczzz
avo mkweifbebmnhorkljxqqxckileambe
ofkcxlxavugutxvbufekpwqzkbcumizzbjrs/akemwzkddjsjkt/font
 



---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.JunkMail.  The archives can be found
at http://www.mail-archive.com.


Re: [Declude.JunkMail] November 2003 Spam Statistics

2003-12-04 Thread Burzin Sumariwalla
Is SpamManager the Alligate product?  I'm just curious, because I made an 
inquiry to them a few months ago, and they told me they discontinued the 
Declude plugin version and they were reorganizing their product line.  I 
called them today suggested dumping Declude in favor of their 
product.   Did I understand this correctly?

Thanks,
Burzin
At 01:42 PM 12/4/2003, you wrote:
There are 3 spam tests that catch over 90% of the spam in our 
spamtraps:  SNIFFER ( http://www.sortmonster.com ), SPAMMANAGER ( 
http://www.spammanager.com ), and SPAMCHK ( www.spamchk.com  ) (at its 
strictest setting).
--
Burzin Sumariwalla   Phone: (314) 994-9411 x291
[EMAIL PROTECTED]  Fax:   (314) 997-7615
  Pager: (314) 407-3345
Networking and Telecommunications Manager
Information Technology Services
St. Louis County Library District
1640 S. Lindbergh Blvd.
St. Louis, MO  63131 

---
[This E-mail scanned for viruses by Declude Virus]
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.JunkMail.  The archives can be found
at http://www.mail-archive.com.


RE: [Declude.JunkMail] November 2003 Spam Statistics

2003-12-04 Thread John Tolmachoff \(Lists\)
Was the exact phrase Dump Declude used? If so, who did you speak with?

Yes, SpamManager is Alligate is NOXMail. (Original name.)

They have made a business decision and I hope them all the luck, as they are
doing very well.

John Tolmachoff
Engineer/Consultant/Owner
eServices For You


 -Original Message-
 From: [EMAIL PROTECTED] [mailto:Declude.JunkMail-
 [EMAIL PROTECTED] On Behalf Of Burzin Sumariwalla
 Sent: Thursday, December 04, 2003 1:16 PM
 To: [EMAIL PROTECTED]
 Subject: Re: [Declude.JunkMail] November 2003 Spam Statistics
 
 Is SpamManager the Alligate product?  I'm just curious, because I made an
 inquiry to them a few months ago, and they told me they discontinued the
 Declude plugin version and they were reorganizing their product line.  I
 called them today suggested dumping Declude in favor of their
 product.   Did I understand this correctly?
 
 Thanks,
 Burzin
 At 01:42 PM 12/4/2003, you wrote:
 There are 3 spam tests that catch over 90% of the spam in our
 spamtraps:  SNIFFER ( http://www.sortmonster.com ), SPAMMANAGER (
 http://www.spammanager.com ), and SPAMCHK ( www.spamchk.com  ) (at its
 strictest setting).
 
 --
 Burzin Sumariwalla   Phone: (314) 994-9411 x291
 [EMAIL PROTECTED]  Fax:   (314) 997-7615
Pager: (314) 407-3345
 
 Networking and Telecommunications Manager
 Information Technology Services
 St. Louis County Library District
 1640 S. Lindbergh Blvd.
 St. Louis, MO  63131
 
 ---
 [This E-mail scanned for viruses by Declude Virus]
 
 ---
 [This E-mail was scanned for viruses by Declude Virus
 (http://www.declude.com)]
 
 ---
 This E-mail came from the Declude.JunkMail mailing list.  To
 unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
 type unsubscribe Declude.JunkMail.  The archives can be found
 at http://www.mail-archive.com.

---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.JunkMail.  The archives can be found
at http://www.mail-archive.com.


RE: [Declude.JunkMail] November 2003 Spam Statistics

2003-12-04 Thread Burzin Sumariwalla
I *believe* I spoke to Chris.  If it wasn't dump it was drop.  I didn't 
interpret this as negative statement,
just friendly marketing or another opinion among many. I don't think Chris 
intended this as a put down.
Just an opinion on a competing product.  You'd hardly expect the person 
answering the sales line to say
anything else.

What I am certain about was that I was told that Alligate would do a better 
job (albeit as its own Gateway)
than Declude at blocking spam.

If I've offended or misunderstood anyone, please feel free to correct me.

Thanks,
Burzin
t 03:51 PM 12/4/2003, you wrote:
Was the exact phrase Dump Declude used? If so, who did you speak with?

Yes, SpamManager is Alligate is NOXMail. (Original name.)

They have made a business decision and I hope them all the luck, as they are
doing very well.
John Tolmachoff
Engineer/Consultant/Owner
eServices For You
---
[This E-mail scanned for viruses by Declude Virus]
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.JunkMail.  The archives can be found
at http://www.mail-archive.com.


[Declude.JunkMail] Windows Server 2003

2003-12-04 Thread Jonathan
So, what's the scoop with current Imail 8, declude, sniffer, etc on Windows 
2003 Server? We're thinking about moving it to some new iron internally, 
and Ive got some 2k3 licenses just burning a hole in my pocket. :)

I heard some stability issues, saw some imail patches/etc .. things stable 
(and *robust*) now? Relatively high volumes of email ..

Jonathan

---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.JunkMail.  The archives can be found
at http://www.mail-archive.com.


RE: [Declude.JunkMail] Windows Server 2003

2003-12-04 Thread John Tolmachoff \(Lists\)
The issues seem to appear at high volumes.

Besides, I am more than willing to use those licenses for you. ;)

John Tolmachoff
Engineer/Consultant/Owner
eServices For You


 -Original Message-
 From: [EMAIL PROTECTED] [mailto:Declude.JunkMail-
 [EMAIL PROTECTED] On Behalf Of Jonathan
 Sent: Thursday, December 04, 2003 2:43 PM
 To: [EMAIL PROTECTED]
 Subject: [Declude.JunkMail] Windows Server 2003
 
 So, what's the scoop with current Imail 8, declude, sniffer, etc on
 Windows
 2003 Server? We're thinking about moving it to some new iron internally,
 and Ive got some 2k3 licenses just burning a hole in my pocket. :)
 
 I heard some stability issues, saw some imail patches/etc .. things stable
 (and *robust*) now? Relatively high volumes of email ..
 
 Jonathan
 
 ---
 [This E-mail was scanned for viruses by Declude Virus
 (http://www.declude.com)]
 
 ---
 This E-mail came from the Declude.JunkMail mailing list.  To
 unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
 type unsubscribe Declude.JunkMail.  The archives can be found
 at http://www.mail-archive.com.

---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.JunkMail.  The archives can be found
at http://www.mail-archive.com.


[Declude.JunkMail] Help with 'fromfile'

2003-12-04 Thread T. Bradley Dean
I got an email with this in the headers:

X-RBL-Warning: REVDNS: This E-mail was sent from a MUA/MTA 210.17.164.118
with no reverse DNS entry.
X-Declude-Sender: [EMAIL PROTECTED]
[210.17.164.118]
X-Note: This E-mail was scanned by Declude JunkMail (www.declude.com) for
spam.
X-Spam-Tests-Failed: NOLEGITCONTENT, REVDNS
X-Spam-Weight: 1

I have this in GLOBAL.CFG:

BLOCKEDSENDERS  fromfileD:\iMail\Declude\junkmail_blockedsenders.cfg
x   5   0

This in $default$.junkmail:

BLOCKEDSENDERS  WARN

And this in junkmail_blockedsendrs.cfg:

sweet-n-sour.comdomain (@cooldude.sweet-n-sour.com) sends spam

I do see BLOCKEDSENDERS firing for other things, but not for this. I'm
assuming my error is in junkmail_blockedsenders.cfg, right? Should I change
it to @cooldude.sweet-n-sour.com and just hope they don't send from other
sub-domains?

Thanks,

~Brad

---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.JunkMail.  The archives can be found
at http://www.mail-archive.com.


RE: [Declude.JunkMail] sniffer

2003-12-04 Thread T. Bradley Dean
Declude is optimized to run the external test only once

That was going to be my next question, it looked terribly in-efficient at
first!

Thanks for the responses guys. I just installed the demo.

~Brad 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Pete McNeil
Sent: Wednesday, December 03, 2003 8:10 PM
To: [EMAIL PROTECTED]
Subject: Re: [Declude.JunkMail] sniffer


Brad,

That's right.
:-)

Heuristics for patterns are grouped by the spam that prompts us to generate 
them, or by how we created them. Most of the time they are at least close 
to classifying the type of spam. Each system that uses Message Sniffer is 
encouraged to specify adjustable weights for each rule group so that the 
results from the pattern matching tests can be tuned for the greatest 
accuracy on that system and according to it's unique mix of incoming spam 
and the users being served.

Declude is optimized to run the external test only once and allow the 
result code to be evaluated for all of the tests that define that external 
test... so in the example shown below sniffer would be called once and it's 
result code would be evaluated many times.

Message Sniffer will typically match many patterns in a given spam. 
Currently the voting system that decides the winning pattern match uses the 
following rule: Chose the first pattern match found with the lowest symbol.

Within the standard rulebase, rule groups are loosely grouped so that the 
least specific patterns have the largest symbols. The combination of these 
arrangements tends toward selecting the most specific pattern match 
available for a given message.

If anyone has other questions that are specific to sniffer then please feel 
free to contact us off list at our support@ sortmonster.com address.

Thanks,

_M

At 10:20 PM 12/3/2003, you wrote:
Brad, Sniffer does message based pattern matching (Pete, correct me if 
I am wrong).  If you opt to separate the 20 or so tests that Sniffer 
currently supports, then you can set whatever weight you want to each 
individual test. Here is how I currently have the individual Sniffer 
tests defined in my global.cfg (License ID and Authentication Code 
obscured):

SNIFFER-WHITELIST external 000 
M:\IMail\Declude\TPA\Sniffer\LicenseID.exe
AuthenticationCode -5 0
SNIFFER-TRAVEL  external 047 M:\IMail\Declude\TPA\Sniffer\LicenseID.exe
AuthenticationCode 07 0
SNIFFER-INSURANCE external 048 M:\IMail\Declude\TPA\Sniffer\LicenseID.exe
AuthenticationCode 10 0
SNIFFER-AV-PUSH  external 049 M:\IMail\Declude\TPA\Sniffer\LicenseID.exe
AuthenticationCode 07 0
SNIFFER-WAREZ  external 050 M:\IMail\Declude\TPA\Sniffer\LicenseID.exe
AuthenticationCode 10 0
SNIFFER-SPAMWARE external 051 M:\IMail\Declude\TPA\Sniffer\LicenseID.exe
AuthenticationCode 10 0
SNIFFER-SNAKEOIL external 052 M:\IMail\Declude\TPA\Sniffer\LicenseID.exe
AuthenticationCode 10 0
SNIFFER-SCAMS  external 053 M:\IMail\Declude\TPA\Sniffer\LicenseID.exe
AuthenticationCode 10 0
SNIFFER-PORN  external 054 M:\IMail\Declude\TPA\Sniffer\LicenseID.exe
AuthenticationCode 12 0
SNIFFER-MALWARE  external 055 M:\IMail\Declude\TPA\Sniffer\LicenseID.exe
AuthenticationCode 12 0
SNIFFER-ADVERTISING external 056
M:\IMail\Declude\TPA\Sniffer\LicenseID.exe
AuthenticationCode 10 0
SNIFFER-SCHEMES  external 057 M:\IMail\Declude\TPA\Sniffer\LicenseID.exe
AuthenticationCode 10 0
SNIFFER-CREDIT  external 058 M:\IMail\Declude\TPA\Sniffer\LicenseID.exe
AuthenticationCode 10 0
SNIFFER-GAMBLING external 059 M:\IMail\Declude\TPA\Sniffer\LicenseID.exe
AuthenticationCode 10 0
SNIFFER-GREYMAIL external 060 M:\IMail\Declude\TPA\Sniffer\LicenseID.exe
AuthenticationCode 07 0
SNIFFER-OBFUSCATION external 061
M:\IMail\Declude\TPA\Sniffer\LicenseID.exe
AuthenticationCode 12 0
SNIFFER-SPAM  external 062 M:\IMail\Declude\TPA\Sniffer\LicenseID.exe
AuthenticationCode 07 0
SNIFFER-GENERAL  external 063 M:\IMail\Declude\TPA\Sniffer\LicenseID.exe
AuthenticationCode 12 0

You would need to adjust the weights to fit your own needs.  However, 
this will at least give you a starting point.

Bill

- Original Message -
From: T. Bradley Dean [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Wednesday, December 03, 2003 6:43 PM
Subject: RE: [Declude.JunkMail] sniffer


How does Sniffer work?

Their web page says:

In the best implementations allow you to assign a weight to each 
possible result code. Declude, mxGuard, and SpamAssassin are all good 
examples of systems that allow weights to be assigned to the result 
codes from Message Sniffer.

So if Sniffer says an email is porn spam then it gets a weight of 10, 
but if it's web hosting spam then it's 8? Does the weight differ 
depending on how confident Sniffer is?

What do these rules look like in Global.cfg on $Default$.junkmail?

~Brad

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Mark Smith
Sent: Tuesday, December 02, 2003 7:54 AM
To: [EMAIL PROTECTED]
Subject: RE: [Declude.JunkMail] sniffer


[Declude.JunkMail] Declude JunkMail v1.77 (beta) released

2003-12-04 Thread R. Scott Perry
We have just released Declude Virus v1.77 (beta).  See 
http://www.declude.com/junkmail/manual.htm .  Notable changes since the 
last beta include:

o BOUNCE action renamed to BOUNCEONLYIFYOUMUST (please read the 
information on this action in the manual before using it).
o filter test type now can have MAXWEIGHT/MINWEIGHT option.
o filter test type now can have END in place of the weight
o filter test type now has SKIPIFWEIGHT option to bypass filters 
if a certain weight has already been reached.
o HIDETESTS option to hide tests from X-Spam-Tests-Failed: header.
o Numerous minor fixes

Other additions and fixes can be found in the release notes, at 
http://www.declude.com/relnotes.htm . Anyone with an up-to-date Service 
Agreement is entitled to free upgrades (see 
http://www.declude.com/agree.htm for information on the Declude Service 
Agreement).

---

Quick Resource Reference:

Tech Support:  [EMAIL PROTECTED]
Mailing List: Send E-mail to [EMAIL PROTECTED] with subscribe 
declude.junkmail your name in the body
New Releases List: Send E-mail to [EMAIL PROTECTED] with subscribe 
declude.releases your name in the body
Troubleshooting: See manual URL above; look at Troubleshooting section
Emergency Uninstall:  See manual URL above; look at Emergency Uninstall 
section
Urgent Support: urgent @declude.com (for urgent/time-sensitive issues only)
Declude Addons/Tools URL: http://www.declude.com/tools
Manual: http://www.declude.com/junkmail/manual.htm

---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.JunkMail.  The archives can be found
at http://www.mail-archive.com.


Re: [Declude.JunkMail] sniffer

2003-12-04 Thread Bill Landry
FYI, I believe the demo consolidates everything into two separate tests:
General  Malware.  However, it will still give you a very good idea of the
overall effectiveness of running Sniffer with Declude.

Bill
- Original Message - 
From: T. Bradley Dean [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Thursday, December 04, 2003 4:02 PM
Subject: RE: [Declude.JunkMail] sniffer


Declude is optimized to run the external test only once

That was going to be my next question, it looked terribly in-efficient at
first!

Thanks for the responses guys. I just installed the demo.

~Brad

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Pete McNeil
Sent: Wednesday, December 03, 2003 8:10 PM
To: [EMAIL PROTECTED]
Subject: Re: [Declude.JunkMail] sniffer


Brad,

That's right.
:-)

Heuristics for patterns are grouped by the spam that prompts us to generate
them, or by how we created them. Most of the time they are at least close
to classifying the type of spam. Each system that uses Message Sniffer is
encouraged to specify adjustable weights for each rule group so that the
results from the pattern matching tests can be tuned for the greatest
accuracy on that system and according to it's unique mix of incoming spam
and the users being served.

Declude is optimized to run the external test only once and allow the
result code to be evaluated for all of the tests that define that external
test... so in the example shown below sniffer would be called once and it's
result code would be evaluated many times.

Message Sniffer will typically match many patterns in a given spam.
Currently the voting system that decides the winning pattern match uses the
following rule: Chose the first pattern match found with the lowest symbol.

Within the standard rulebase, rule groups are loosely grouped so that the
least specific patterns have the largest symbols. The combination of these
arrangements tends toward selecting the most specific pattern match
available for a given message.

If anyone has other questions that are specific to sniffer then please feel
free to contact us off list at our support@ sortmonster.com address.

Thanks,

_M

At 10:20 PM 12/3/2003, you wrote:
Brad, Sniffer does message based pattern matching (Pete, correct me if
I am wrong).  If you opt to separate the 20 or so tests that Sniffer
currently supports, then you can set whatever weight you want to each
individual test. Here is how I currently have the individual Sniffer
tests defined in my global.cfg (License ID and Authentication Code
obscured):

SNIFFER-WHITELIST external 000
M:\IMail\Declude\TPA\Sniffer\LicenseID.exe
AuthenticationCode -5 0
SNIFFER-TRAVEL  external 047 M:\IMail\Declude\TPA\Sniffer\LicenseID.exe
AuthenticationCode 07 0
SNIFFER-INSURANCE external 048 M:\IMail\Declude\TPA\Sniffer\LicenseID.exe
AuthenticationCode 10 0
SNIFFER-AV-PUSH  external 049 M:\IMail\Declude\TPA\Sniffer\LicenseID.exe
AuthenticationCode 07 0
SNIFFER-WAREZ  external 050 M:\IMail\Declude\TPA\Sniffer\LicenseID.exe
AuthenticationCode 10 0
SNIFFER-SPAMWARE external 051 M:\IMail\Declude\TPA\Sniffer\LicenseID.exe
AuthenticationCode 10 0
SNIFFER-SNAKEOIL external 052 M:\IMail\Declude\TPA\Sniffer\LicenseID.exe
AuthenticationCode 10 0
SNIFFER-SCAMS  external 053 M:\IMail\Declude\TPA\Sniffer\LicenseID.exe
AuthenticationCode 10 0
SNIFFER-PORN  external 054 M:\IMail\Declude\TPA\Sniffer\LicenseID.exe
AuthenticationCode 12 0
SNIFFER-MALWARE  external 055 M:\IMail\Declude\TPA\Sniffer\LicenseID.exe
AuthenticationCode 12 0
SNIFFER-ADVERTISING external 056
M:\IMail\Declude\TPA\Sniffer\LicenseID.exe
AuthenticationCode 10 0
SNIFFER-SCHEMES  external 057 M:\IMail\Declude\TPA\Sniffer\LicenseID.exe
AuthenticationCode 10 0
SNIFFER-CREDIT  external 058 M:\IMail\Declude\TPA\Sniffer\LicenseID.exe
AuthenticationCode 10 0
SNIFFER-GAMBLING external 059 M:\IMail\Declude\TPA\Sniffer\LicenseID.exe
AuthenticationCode 10 0
SNIFFER-GREYMAIL external 060 M:\IMail\Declude\TPA\Sniffer\LicenseID.exe
AuthenticationCode 07 0
SNIFFER-OBFUSCATION external 061
M:\IMail\Declude\TPA\Sniffer\LicenseID.exe
AuthenticationCode 12 0
SNIFFER-SPAM  external 062 M:\IMail\Declude\TPA\Sniffer\LicenseID.exe
AuthenticationCode 07 0
SNIFFER-GENERAL  external 063 M:\IMail\Declude\TPA\Sniffer\LicenseID.exe
AuthenticationCode 12 0

You would need to adjust the weights to fit your own needs.  However,
this will at least give you a starting point.

Bill

- Original Message -
From: T. Bradley Dean [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Wednesday, December 03, 2003 6:43 PM
Subject: RE: [Declude.JunkMail] sniffer


How does Sniffer work?

Their web page says:

In the best implementations allow you to assign a weight to each
possible result code. Declude, mxGuard, and SpamAssassin are all good
examples of systems that allow weights to be assigned to the result
codes from Message Sniffer.

So if Sniffer says an email is porn spam then it gets a weight of 10,
but if it's web hosting 

Re: [Declude.JunkMail] Help with 'fromfile'

2003-12-04 Thread R. Scott Perry

And this in junkmail_blockedsendrs.cfg:

sweet-n-sour.comdomain (@cooldude.sweet-n-sour.com) sends spam

I do see BLOCKEDSENDERS firing for other things, but not for this. I'm
assuming my error is in junkmail_blockedsenders.cfg, right? Should I change
it to @cooldude.sweet-n-sour.com and just hope they don't send from other
sub-domains?
What version of Declude are you running (\IMail\Declude -diag from a 
command prompt wil show you)?  I believe there was a version that had a 
problem if the return address was more than 32 characters long, which it is 
in this case.

   -Scott
---
Declude JunkMail: The advanced anti-spam solution for IMail mailservers.
Declude Virus: Catches known viruses and is the leader in mailserver 
vulnerability detection.
Find out what you've been missing: Ask about our free 30-day evaluation.

---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.JunkMail.  The archives can be found
at http://www.mail-archive.com.


[Declude.JunkMail] MAILFROM like Imail Test..

2003-12-04 Thread Alejandro Valenzuela
Declude MAILFROM test check only the domain on the MAILFROM address
But we recive a lot of SPAM with mailfrom like this. [EMAIL PROTECTED]
since hotmail.com is a valid Domain, then the message pass the test

Is there a test like the Mailfrom of Imail that test that the 
user really exists on the remote server ??

[EMAIL PROTECTED]  (In Imail this will fail...)

Thanks..






-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Bill Landry
Sent: Thursday, December 04, 2003 5:21 PM
To: [EMAIL PROTECTED]
Subject: Re: [Declude.JunkMail] sniffer


FYI, I believe the demo consolidates everything into two separate tests:
General  Malware.  However, it will still give you a very good idea of the
overall effectiveness of running Sniffer with Declude.

Bill
- Original Message - 
From: T. Bradley Dean [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Thursday, December 04, 2003 4:02 PM
Subject: RE: [Declude.JunkMail] sniffer


Declude is optimized to run the external test only once

That was going to be my next question, it looked terribly in-efficient at
first!

Thanks for the responses guys. I just installed the demo.

~Brad

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Pete McNeil
Sent: Wednesday, December 03, 2003 8:10 PM
To: [EMAIL PROTECTED]
Subject: Re: [Declude.JunkMail] sniffer


Brad,

That's right.
:-)

Heuristics for patterns are grouped by the spam that prompts us to generate
them, or by how we created them. Most of the time they are at least close
to classifying the type of spam. Each system that uses Message Sniffer is
encouraged to specify adjustable weights for each rule group so that the
results from the pattern matching tests can be tuned for the greatest
accuracy on that system and according to it's unique mix of incoming spam
and the users being served.

Declude is optimized to run the external test only once and allow the
result code to be evaluated for all of the tests that define that external
test... so in the example shown below sniffer would be called once and it's
result code would be evaluated many times.

Message Sniffer will typically match many patterns in a given spam.
Currently the voting system that decides the winning pattern match uses the
following rule: Chose the first pattern match found with the lowest symbol.

Within the standard rulebase, rule groups are loosely grouped so that the
least specific patterns have the largest symbols. The combination of these
arrangements tends toward selecting the most specific pattern match
available for a given message.

If anyone has other questions that are specific to sniffer then please feel
free to contact us off list at our support@ sortmonster.com address.

Thanks,

_M

At 10:20 PM 12/3/2003, you wrote:
Brad, Sniffer does message based pattern matching (Pete, correct me if
I am wrong).  If you opt to separate the 20 or so tests that Sniffer
currently supports, then you can set whatever weight you want to each
individual test. Here is how I currently have the individual Sniffer
tests defined in my global.cfg (License ID and Authentication Code
obscured):

SNIFFER-WHITELIST external 000
M:\IMail\Declude\TPA\Sniffer\LicenseID.exe
AuthenticationCode -5 0
SNIFFER-TRAVEL  external 047 M:\IMail\Declude\TPA\Sniffer\LicenseID.exe
AuthenticationCode 07 0
SNIFFER-INSURANCE external 048 M:\IMail\Declude\TPA\Sniffer\LicenseID.exe
AuthenticationCode 10 0
SNIFFER-AV-PUSH  external 049 M:\IMail\Declude\TPA\Sniffer\LicenseID.exe
AuthenticationCode 07 0
SNIFFER-WAREZ  external 050 M:\IMail\Declude\TPA\Sniffer\LicenseID.exe
AuthenticationCode 10 0
SNIFFER-SPAMWARE external 051 M:\IMail\Declude\TPA\Sniffer\LicenseID.exe
AuthenticationCode 10 0
SNIFFER-SNAKEOIL external 052 M:\IMail\Declude\TPA\Sniffer\LicenseID.exe
AuthenticationCode 10 0
SNIFFER-SCAMS  external 053 M:\IMail\Declude\TPA\Sniffer\LicenseID.exe
AuthenticationCode 10 0
SNIFFER-PORN  external 054 M:\IMail\Declude\TPA\Sniffer\LicenseID.exe
AuthenticationCode 12 0
SNIFFER-MALWARE  external 055 M:\IMail\Declude\TPA\Sniffer\LicenseID.exe
AuthenticationCode 12 0
SNIFFER-ADVERTISING external 056
M:\IMail\Declude\TPA\Sniffer\LicenseID.exe
AuthenticationCode 10 0
SNIFFER-SCHEMES  external 057 M:\IMail\Declude\TPA\Sniffer\LicenseID.exe
AuthenticationCode 10 0
SNIFFER-CREDIT  external 058 M:\IMail\Declude\TPA\Sniffer\LicenseID.exe
AuthenticationCode 10 0
SNIFFER-GAMBLING external 059 M:\IMail\Declude\TPA\Sniffer\LicenseID.exe
AuthenticationCode 10 0
SNIFFER-GREYMAIL external 060 M:\IMail\Declude\TPA\Sniffer\LicenseID.exe
AuthenticationCode 07 0
SNIFFER-OBFUSCATION external 061
M:\IMail\Declude\TPA\Sniffer\LicenseID.exe
AuthenticationCode 12 0
SNIFFER-SPAM  external 062 M:\IMail\Declude\TPA\Sniffer\LicenseID.exe
AuthenticationCode 07 0
SNIFFER-GENERAL  external 063 M:\IMail\Declude\TPA\Sniffer\LicenseID.exe
AuthenticationCode 12 0

You would need to adjust the weights to fit your own needs.  However,
this will at