[Declude.JunkMail] MAILFROM like Imail Test..
Declude MAILFROM test check only the domain on the MAILFROM address But we recive a lot of SPAM with mailfrom like this. <[EMAIL PROTECTED]> since hotmail.com is a valid Domain, then the message pass the test Is there a test like the "Mailfrom" of Imail that test that the user really exists on the remote server ?? <[EMAIL PROTECTED]> (In Imail this will fail...) Thanks.. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Bill Landry Sent: Thursday, December 04, 2003 5:21 PM To: [EMAIL PROTECTED] Subject: Re: [Declude.JunkMail] sniffer FYI, I believe the demo consolidates everything into two separate tests: General & Malware. However, it will still give you a very good idea of the overall effectiveness of running Sniffer with Declude. Bill - Original Message - From: "T. Bradley Dean" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Thursday, December 04, 2003 4:02 PM Subject: RE: [Declude.JunkMail] sniffer >Declude is optimized to run the external test only once That was going to be my next question, it looked terribly in-efficient at first! Thanks for the responses guys. I just installed the demo. ~Brad -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Pete McNeil Sent: Wednesday, December 03, 2003 8:10 PM To: [EMAIL PROTECTED] Subject: Re: [Declude.JunkMail] sniffer Brad, That's right. :-) Heuristics for patterns are grouped by the spam that prompts us to generate them, or by how we created them. Most of the time they are at least close to classifying the type of spam. Each system that uses Message Sniffer is encouraged to specify adjustable weights for each rule group so that the results from the pattern matching tests can be "tuned" for the greatest accuracy on that system and according to it's unique mix of incoming spam and the users being served. Declude is optimized to run the external test only once and allow the result code to be evaluated for all of the tests that define that external test... so in the example shown below sniffer would be called once and it's result code would be evaluated many times. Message Sniffer will typically match many patterns in a given spam. Currently the voting system that decides the winning pattern match uses the following rule: Chose the first pattern match found with the lowest symbol. Within the standard rulebase, rule groups are loosely grouped so that the least specific patterns have the largest symbols. The combination of these arrangements tends toward selecting the most specific pattern match available for a given message. If anyone has other questions that are specific to sniffer then please feel free to contact us off list at our support@ sortmonster.com address. Thanks, _M At 10:20 PM 12/3/2003, you wrote: >Brad, Sniffer does message based pattern matching (Pete, correct me if >I am wrong). If you opt to separate the 20 or so tests that Sniffer >currently supports, then you can set whatever weight you want to each >individual test. Here is how I currently have the individual Sniffer >tests defined in my global.cfg (License ID and Authentication Code >obscured): > >SNIFFER-WHITELIST external 000 >"M:\IMail\Declude\TPA\Sniffer\LicenseID.exe >AuthenticationCode" -5 0 >SNIFFER-TRAVEL external 047 "M:\IMail\Declude\TPA\Sniffer\LicenseID.exe >AuthenticationCode" 07 0 >SNIFFER-INSURANCE external 048 "M:\IMail\Declude\TPA\Sniffer\LicenseID.exe >AuthenticationCode" 10 0 >SNIFFER-AV-PUSH external 049 "M:\IMail\Declude\TPA\Sniffer\LicenseID.exe >AuthenticationCode" 07 0 >SNIFFER-WAREZ external 050 "M:\IMail\Declude\TPA\Sniffer\LicenseID.exe >AuthenticationCode" 10 0 >SNIFFER-SPAMWARE external 051 "M:\IMail\Declude\TPA\Sniffer\LicenseID.exe >AuthenticationCode" 10 0 >SNIFFER-SNAKEOIL external 052 "M:\IMail\Declude\TPA\Sniffer\LicenseID.exe >AuthenticationCode" 10 0 >SNIFFER-SCAMS external 053 "M:\IMail\Declude\TPA\Sniffer\LicenseID.exe >AuthenticationCode" 10 0 >SNIFFER-PORN external 054 "M:\IMail\Declude\TPA\Sniffer\LicenseID.exe >AuthenticationCode" 12 0 >SNIFFER-MALWARE external 055 "M:\IMail\Declude\TPA\Sniffer\LicenseID.exe >AuthenticationCode" 12 0 >SNIFFER-ADVERTISING external 056 "M:\IMail\Declude\TPA\Sniffer\LicenseID.exe >AuthenticationCode" 10 0 >SNIFFER-SCHEMES external 057 "M:\IMail\Declude\TPA\Sniffer\LicenseID.exe >AuthenticationCode" 10 0 >SNIFFER-CREDIT external 058 "M:\IMail\Declude\TPA\Sniffer\LicenseID.exe >AuthenticationCode" 10 0 >SNIFFER-GAMBLING external 059 "M:\IMail\Declude\TPA\Sniffer\LicenseID.exe >AuthenticationCode" 10 0 >SNIFFER-GREYMAIL external 060 "M:\IMail\Declude\TPA\Sniffer\LicenseID.exe >AuthenticationCode" 07 0 >SNIFFER-OBFUSCATION external 061 "M:\IMail\Declude\TPA\Sniffer\LicenseID.exe >AuthenticationCode" 12 0 >SNIFFER-SPAM external 062 "M:\IMail\Declude\TPA\Sniffer\LicenseID.exe >AuthenticationCode" 07 0 >SNIFFER-GENERAL external 063 "M:\IMail\Declude\TPA\Sniffer\LicenseID.exe >AuthenticationCode
Re: [Declude.JunkMail] Help with 'fromfile'
And this in junkmail_blockedsendrs.cfg: sweet-n-sour.comdomain (@cooldude.sweet-n-sour.com) sends spam I do see BLOCKEDSENDERS firing for other things, but not for this. I'm assuming my error is in junkmail_blockedsenders.cfg, right? Should I change it to @cooldude.sweet-n-sour.com and just hope they don't send from other sub-domains? What version of Declude are you running ("\IMail\Declude -diag" from a command prompt wil show you)? I believe there was a version that had a problem if the return address was more than 32 characters long, which it is in this case. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you've been missing: Ask about our free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] sniffer
FYI, I believe the demo consolidates everything into two separate tests: General & Malware. However, it will still give you a very good idea of the overall effectiveness of running Sniffer with Declude. Bill - Original Message - From: "T. Bradley Dean" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Thursday, December 04, 2003 4:02 PM Subject: RE: [Declude.JunkMail] sniffer >Declude is optimized to run the external test only once That was going to be my next question, it looked terribly in-efficient at first! Thanks for the responses guys. I just installed the demo. ~Brad -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Pete McNeil Sent: Wednesday, December 03, 2003 8:10 PM To: [EMAIL PROTECTED] Subject: Re: [Declude.JunkMail] sniffer Brad, That's right. :-) Heuristics for patterns are grouped by the spam that prompts us to generate them, or by how we created them. Most of the time they are at least close to classifying the type of spam. Each system that uses Message Sniffer is encouraged to specify adjustable weights for each rule group so that the results from the pattern matching tests can be "tuned" for the greatest accuracy on that system and according to it's unique mix of incoming spam and the users being served. Declude is optimized to run the external test only once and allow the result code to be evaluated for all of the tests that define that external test... so in the example shown below sniffer would be called once and it's result code would be evaluated many times. Message Sniffer will typically match many patterns in a given spam. Currently the voting system that decides the winning pattern match uses the following rule: Chose the first pattern match found with the lowest symbol. Within the standard rulebase, rule groups are loosely grouped so that the least specific patterns have the largest symbols. The combination of these arrangements tends toward selecting the most specific pattern match available for a given message. If anyone has other questions that are specific to sniffer then please feel free to contact us off list at our support@ sortmonster.com address. Thanks, _M At 10:20 PM 12/3/2003, you wrote: >Brad, Sniffer does message based pattern matching (Pete, correct me if >I am wrong). If you opt to separate the 20 or so tests that Sniffer >currently supports, then you can set whatever weight you want to each >individual test. Here is how I currently have the individual Sniffer >tests defined in my global.cfg (License ID and Authentication Code >obscured): > >SNIFFER-WHITELIST external 000 >"M:\IMail\Declude\TPA\Sniffer\LicenseID.exe >AuthenticationCode" -5 0 >SNIFFER-TRAVEL external 047 "M:\IMail\Declude\TPA\Sniffer\LicenseID.exe >AuthenticationCode" 07 0 >SNIFFER-INSURANCE external 048 "M:\IMail\Declude\TPA\Sniffer\LicenseID.exe >AuthenticationCode" 10 0 >SNIFFER-AV-PUSH external 049 "M:\IMail\Declude\TPA\Sniffer\LicenseID.exe >AuthenticationCode" 07 0 >SNIFFER-WAREZ external 050 "M:\IMail\Declude\TPA\Sniffer\LicenseID.exe >AuthenticationCode" 10 0 >SNIFFER-SPAMWARE external 051 "M:\IMail\Declude\TPA\Sniffer\LicenseID.exe >AuthenticationCode" 10 0 >SNIFFER-SNAKEOIL external 052 "M:\IMail\Declude\TPA\Sniffer\LicenseID.exe >AuthenticationCode" 10 0 >SNIFFER-SCAMS external 053 "M:\IMail\Declude\TPA\Sniffer\LicenseID.exe >AuthenticationCode" 10 0 >SNIFFER-PORN external 054 "M:\IMail\Declude\TPA\Sniffer\LicenseID.exe >AuthenticationCode" 12 0 >SNIFFER-MALWARE external 055 "M:\IMail\Declude\TPA\Sniffer\LicenseID.exe >AuthenticationCode" 12 0 >SNIFFER-ADVERTISING external 056 "M:\IMail\Declude\TPA\Sniffer\LicenseID.exe >AuthenticationCode" 10 0 >SNIFFER-SCHEMES external 057 "M:\IMail\Declude\TPA\Sniffer\LicenseID.exe >AuthenticationCode" 10 0 >SNIFFER-CREDIT external 058 "M:\IMail\Declude\TPA\Sniffer\LicenseID.exe >AuthenticationCode" 10 0 >SNIFFER-GAMBLING external 059 "M:\IMail\Declude\TPA\Sniffer\LicenseID.exe >AuthenticationCode" 10 0 >SNIFFER-GREYMAIL external 060 "M:\IMail\Declude\TPA\Sniffer\LicenseID.exe >AuthenticationCode" 07 0 >SNIFFER-OBFUSCATION external 061 "M:\IMail\Declude\TPA\Sniffer\LicenseID.exe >AuthenticationCode" 12 0 >SNIFFER-SPAM external 062 "M:\IMail\Declude\TPA\Sniffer\LicenseID.exe >AuthenticationCode" 07 0 >SNIFFER-GENERAL external 063 "M:\IMail\Declude\TPA\Sniffer\LicenseID.exe >AuthenticationCode" 12 0 > >You would need to adjust the weights to fit your own needs. However, >this will at least give you a starting point. > >Bill > >- Original Message - >From: "T. Bradley Dean" <[EMAIL PROTECTED]> >To: <[EMAIL PROTECTED]> >Sent: Wednesday, December 03, 2003 6:43 PM >Subject: RE: [Declude.JunkMail] sniffer > > >How does Sniffer work? > >Their web page says: > >"In the best implementations allow you to assign a weight to each >possible result code. Declude, mxGuard, and SpamAssassin are all good >examples of systems that allow weights to be assigned to the result >codes fro
[Declude.JunkMail] Declude JunkMail v1.77 (beta) released
We have just released Declude Virus v1.77 (beta). See http://www.declude.com/junkmail/manual.htm . Notable changes since the last beta include: o BOUNCE action renamed to BOUNCEONLYIFYOUMUST (please read the information on this action in the manual before using it). o "filter" test type now can have MAXWEIGHT/MINWEIGHT option. o "filter" test type now can have "END" in place of the weight o "filter" test type now has SKIPIFWEIGHT option to bypass filters if a certain weight has already been reached. o HIDETESTS option to hide tests from X-Spam-Tests-Failed: header. o Numerous minor fixes Other additions and fixes can be found in the release notes, at http://www.declude.com/relnotes.htm . Anyone with an up-to-date Service Agreement is entitled to free upgrades (see http://www.declude.com/agree.htm for information on the Declude Service Agreement). --- Quick Resource Reference: Tech Support: [EMAIL PROTECTED] Mailing List: Send E-mail to [EMAIL PROTECTED] with "subscribe declude.junkmail your name" in the body New Releases List: Send E-mail to [EMAIL PROTECTED] with "subscribe declude.releases your name" in the body Troubleshooting: See manual URL above; look at "Troubleshooting" section Emergency Uninstall: See manual URL above; look at "Emergency Uninstall" section Urgent Support: urgent @declude.com (for urgent/time-sensitive issues only) Declude Addons/Tools URL: http://www.declude.com/tools Manual: http://www.declude.com/junkmail/manual.htm --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] sniffer
>Declude is optimized to run the external test only once That was going to be my next question, it looked terribly in-efficient at first! Thanks for the responses guys. I just installed the demo. ~Brad -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Pete McNeil Sent: Wednesday, December 03, 2003 8:10 PM To: [EMAIL PROTECTED] Subject: Re: [Declude.JunkMail] sniffer Brad, That's right. :-) Heuristics for patterns are grouped by the spam that prompts us to generate them, or by how we created them. Most of the time they are at least close to classifying the type of spam. Each system that uses Message Sniffer is encouraged to specify adjustable weights for each rule group so that the results from the pattern matching tests can be "tuned" for the greatest accuracy on that system and according to it's unique mix of incoming spam and the users being served. Declude is optimized to run the external test only once and allow the result code to be evaluated for all of the tests that define that external test... so in the example shown below sniffer would be called once and it's result code would be evaluated many times. Message Sniffer will typically match many patterns in a given spam. Currently the voting system that decides the winning pattern match uses the following rule: Chose the first pattern match found with the lowest symbol. Within the standard rulebase, rule groups are loosely grouped so that the least specific patterns have the largest symbols. The combination of these arrangements tends toward selecting the most specific pattern match available for a given message. If anyone has other questions that are specific to sniffer then please feel free to contact us off list at our support@ sortmonster.com address. Thanks, _M At 10:20 PM 12/3/2003, you wrote: >Brad, Sniffer does message based pattern matching (Pete, correct me if >I am wrong). If you opt to separate the 20 or so tests that Sniffer >currently supports, then you can set whatever weight you want to each >individual test. Here is how I currently have the individual Sniffer >tests defined in my global.cfg (License ID and Authentication Code >obscured): > >SNIFFER-WHITELIST external 000 >"M:\IMail\Declude\TPA\Sniffer\LicenseID.exe >AuthenticationCode" -5 0 >SNIFFER-TRAVEL external 047 "M:\IMail\Declude\TPA\Sniffer\LicenseID.exe >AuthenticationCode" 07 0 >SNIFFER-INSURANCE external 048 "M:\IMail\Declude\TPA\Sniffer\LicenseID.exe >AuthenticationCode" 10 0 >SNIFFER-AV-PUSH external 049 "M:\IMail\Declude\TPA\Sniffer\LicenseID.exe >AuthenticationCode" 07 0 >SNIFFER-WAREZ external 050 "M:\IMail\Declude\TPA\Sniffer\LicenseID.exe >AuthenticationCode" 10 0 >SNIFFER-SPAMWARE external 051 "M:\IMail\Declude\TPA\Sniffer\LicenseID.exe >AuthenticationCode" 10 0 >SNIFFER-SNAKEOIL external 052 "M:\IMail\Declude\TPA\Sniffer\LicenseID.exe >AuthenticationCode" 10 0 >SNIFFER-SCAMS external 053 "M:\IMail\Declude\TPA\Sniffer\LicenseID.exe >AuthenticationCode" 10 0 >SNIFFER-PORN external 054 "M:\IMail\Declude\TPA\Sniffer\LicenseID.exe >AuthenticationCode" 12 0 >SNIFFER-MALWARE external 055 "M:\IMail\Declude\TPA\Sniffer\LicenseID.exe >AuthenticationCode" 12 0 >SNIFFER-ADVERTISING external 056 "M:\IMail\Declude\TPA\Sniffer\LicenseID.exe >AuthenticationCode" 10 0 >SNIFFER-SCHEMES external 057 "M:\IMail\Declude\TPA\Sniffer\LicenseID.exe >AuthenticationCode" 10 0 >SNIFFER-CREDIT external 058 "M:\IMail\Declude\TPA\Sniffer\LicenseID.exe >AuthenticationCode" 10 0 >SNIFFER-GAMBLING external 059 "M:\IMail\Declude\TPA\Sniffer\LicenseID.exe >AuthenticationCode" 10 0 >SNIFFER-GREYMAIL external 060 "M:\IMail\Declude\TPA\Sniffer\LicenseID.exe >AuthenticationCode" 07 0 >SNIFFER-OBFUSCATION external 061 "M:\IMail\Declude\TPA\Sniffer\LicenseID.exe >AuthenticationCode" 12 0 >SNIFFER-SPAM external 062 "M:\IMail\Declude\TPA\Sniffer\LicenseID.exe >AuthenticationCode" 07 0 >SNIFFER-GENERAL external 063 "M:\IMail\Declude\TPA\Sniffer\LicenseID.exe >AuthenticationCode" 12 0 > >You would need to adjust the weights to fit your own needs. However, >this will at least give you a starting point. > >Bill > >- Original Message - >From: "T. Bradley Dean" <[EMAIL PROTECTED]> >To: <[EMAIL PROTECTED]> >Sent: Wednesday, December 03, 2003 6:43 PM >Subject: RE: [Declude.JunkMail] sniffer > > >How does Sniffer work? > >Their web page says: > >"In the best implementations allow you to assign a weight to each >possible result code. Declude, mxGuard, and SpamAssassin are all good >examples of systems that allow weights to be assigned to the result >codes from Message Sniffer." > >So if Sniffer says an email is porn spam then it gets a weight of 10, >but if it's web hosting spam then it's 8? Does the weight differ >depending on how confident Sniffer is? > >What do these rules look like in Global.cfg on $Default$.junkmail? > >~Brad > >-Original Message- >From: [EMAIL PROTECTED] >[mailto:[EMAIL PROTECTED] On B
[Declude.JunkMail] Help with 'fromfile'
I got an email with this in the headers: X-RBL-Warning: REVDNS: This E-mail was sent from a MUA/MTA 210.17.164.118 with no reverse DNS entry. X-Declude-Sender: [EMAIL PROTECTED] [210.17.164.118] X-Note: This E-mail was scanned by Declude JunkMail (www.declude.com) for spam. X-Spam-Tests-Failed: NOLEGITCONTENT, REVDNS X-Spam-Weight: 1 I have this in GLOBAL.CFG: BLOCKEDSENDERS fromfileD:\iMail\Declude\junkmail_blockedsenders.cfg x 5 0 This in $default$.junkmail: BLOCKEDSENDERS WARN And this in junkmail_blockedsendrs.cfg: sweet-n-sour.comdomain (@cooldude.sweet-n-sour.com) sends spam I do see BLOCKEDSENDERS firing for other things, but not for this. I'm assuming my error is in junkmail_blockedsenders.cfg, right? Should I change it to @cooldude.sweet-n-sour.com and just hope they don't send from other sub-domains? Thanks, ~Brad --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Windows Server 2003
The issues seem to appear at high volumes. Besides, I am more than willing to use those licenses for you. ;) John Tolmachoff Engineer/Consultant/Owner eServices For You > -Original Message- > From: [EMAIL PROTECTED] [mailto:Declude.JunkMail- > [EMAIL PROTECTED] On Behalf Of Jonathan > Sent: Thursday, December 04, 2003 2:43 PM > To: [EMAIL PROTECTED] > Subject: [Declude.JunkMail] Windows Server 2003 > > So, what's the scoop with current Imail 8, declude, sniffer, etc on > Windows > 2003 Server? We're thinking about moving it to some new iron internally, > and Ive got some 2k3 licenses just burning a hole in my pocket. :) > > I heard some stability issues, saw some imail patches/etc .. things stable > (and *robust*) now? Relatively high volumes of email .. > > Jonathan > > --- > [This E-mail was scanned for viruses by Declude Virus > (http://www.declude.com)] > > --- > This E-mail came from the Declude.JunkMail mailing list. To > unsubscribe, just send an E-mail to [EMAIL PROTECTED], and > type "unsubscribe Declude.JunkMail". The archives can be found > at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] Windows Server 2003
So, what's the scoop with current Imail 8, declude, sniffer, etc on Windows 2003 Server? We're thinking about moving it to some new iron internally, and Ive got some 2k3 licenses just burning a hole in my pocket. :) I heard some stability issues, saw some imail patches/etc .. things stable (and *robust*) now? Relatively high volumes of email .. Jonathan --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] November 2003 Spam Statistics
I *believe* I spoke to Chris. If it wasn't "dump" it was "drop". I didn't interpret this as negative statement, just friendly marketing or another opinion among many. I don't think Chris intended this as a put down. Just an opinion on a competing product. You'd hardly expect the person answering the sales line to say anything else. What I am certain about was that I was told that Alligate would do a better job (albeit as its own Gateway) than Declude at blocking spam. If I've offended or misunderstood anyone, please feel free to correct me. Thanks, Burzin t 03:51 PM 12/4/2003, you wrote: Was the exact phrase Dump Declude used? If so, who did you speak with? Yes, SpamManager is Alligate is NOXMail. (Original name.) They have made a business decision and I hope them all the luck, as they are doing very well. John Tolmachoff Engineer/Consultant/Owner eServices For You --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] November 2003 Spam Statistics
Was the exact phrase Dump Declude used? If so, who did you speak with? Yes, SpamManager is Alligate is NOXMail. (Original name.) They have made a business decision and I hope them all the luck, as they are doing very well. John Tolmachoff Engineer/Consultant/Owner eServices For You > -Original Message- > From: [EMAIL PROTECTED] [mailto:Declude.JunkMail- > [EMAIL PROTECTED] On Behalf Of Burzin Sumariwalla > Sent: Thursday, December 04, 2003 1:16 PM > To: [EMAIL PROTECTED] > Subject: Re: [Declude.JunkMail] November 2003 Spam Statistics > > Is SpamManager the Alligate product? I'm just curious, because I made an > inquiry to them a few months ago, and they told me they discontinued the > Declude plugin version and they were reorganizing their product line. I > called them today suggested dumping Declude in favor of their > product. Did I understand this correctly? > > Thanks, > Burzin > At 01:42 PM 12/4/2003, you wrote: > >There are 3 spam tests that catch over 90% of the spam in our > >spamtraps: SNIFFER ( http://www.sortmonster.com ), SPAMMANAGER ( > >http://www.spammanager.com ), and SPAMCHK ( www.spamchk.com ) (at its > >strictest setting). > > -- > Burzin Sumariwalla Phone: (314) 994-9411 x291 > [EMAIL PROTECTED] Fax: (314) 997-7615 >Pager: (314) 407-3345 > > Networking and Telecommunications Manager > Information Technology Services > St. Louis County Library District > 1640 S. Lindbergh Blvd. > St. Louis, MO 63131 > > --- > [This E-mail scanned for viruses by Declude Virus] > > --- > [This E-mail was scanned for viruses by Declude Virus > (http://www.declude.com)] > > --- > This E-mail came from the Declude.JunkMail mailing list. To > unsubscribe, just send an E-mail to [EMAIL PROTECTED], and > type "unsubscribe Declude.JunkMail". The archives can be found > at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] November 2003 Spam Statistics
Is SpamManager the Alligate product? I'm just curious, because I made an inquiry to them a few months ago, and they told me they discontinued the Declude plugin version and they were reorganizing their product line. I called them today suggested dumping Declude in favor of their product. Did I understand this correctly? Thanks, Burzin At 01:42 PM 12/4/2003, you wrote: There are 3 spam tests that catch over 90% of the spam in our spamtraps: SNIFFER ( http://www.sortmonster.com ), SPAMMANAGER ( http://www.spammanager.com ), and SPAMCHK ( www.spamchk.com ) (at its strictest setting). -- Burzin Sumariwalla Phone: (314) 994-9411 x291 [EMAIL PROTECTED] Fax: (314) 997-7615 Pager: (314) 407-3345 Networking and Telecommunications Manager Information Technology Services St. Louis County Library District 1640 S. Lindbergh Blvd. St. Louis, MO 63131 --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] How to stop this
Declude JunkMail Pro plus my GIBBERISH and @LINKED filters which can be found at http://www.mailpure.com/software/decludefilters/ The other filters might also produce hits, the FOREIGN/TLD filter set will often add points to stuff like this, but you didn't share the headers. Matt Danny Klopfer wrote: Anyone know the best way to stop messages that look like this: The only solution to Penis Enlargement btgpbjbefuabw avuudwbcjvz color="#F30101">LIMI rupgx>TED OFFER: Add at least 3 INCHES or get your money back! oquqxsdhgjjy mfnhjfwvdwql We are so sure our product works we are willing to prove it by offering a free trial bottle + a 100% money back guarantee upon purchase if you are not satisfied with the results. size="+2">---> href="http://[EMAIL PROTECTED]/vp/?info">Cl dslsmhmd>ick Here To Learn More <--- Also check out our *brand new* product: href="http://[EMAIL PROTECTED]/patch/?info">Pe buktujkp>nis Enlargeme qdocw>nt Patches Comes with the 100% money back warranty as well! uxpvmtkobessb tgmmsukktlq xumuywchpl osaxmoceopfhkb shmpscbzygs skcefjdfyrho href="http://[EMAIL PROTECTED]/vp/optout.shtml?info">N av>o more offers --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] A little CMA documentation for Outlook 2003 RFC non-compliance 2003 RFC non-compliance
I have a customer who was having trouble with his messages sent to users on servers that use spam filters not being delivered. I had him send a message to me so I could see what tests it fails. As some of you may have already guessed, he's got a new pc with Outlook 2003 and the messages fail the spam headers test. I informed him that among mail server and/or spamfilter administrators this is a known issue. So, he calls MS. MS says it's OEM software, call the vendor. Dell says I'm full of it. So... Would someone with more thorough and better understanding than mine please send me something (with permission to quote or I'd just lift from archives) that I can send to this customer? I'm looking for what it is that Outlook 2003 does wrong and what RFC it is not conforming to. He wants to then show it to Dell and request an exchange for Office 2002. It's really a Microsoft issue (it's a bug -- er, "new feature" -- in Outlook 2003), but they may have a special arrangement with Dell. Microsoft had a few complaints from people using Outlook that their machine name was "leaked" in the Message-ID header. Instead of ignoring the complaint, or making the host name used in the Message-ID: header configurable, they chose to remove the Message-ID: header. Microsoft is technically RFC-compliant, *if* they understand the consequences of what they did. In order words, it is only RFC-compliant if accept the fact that the E-mail sent from Outlook 2003 may be marked as spam. Microsoft's position, from what we understand, is that they expect all mailservers to whitelist outgoing E-mail from Outlook 2003 users, and add the Message-ID: header. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you've been missing: Ask about our free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] A little CMA documentation for Outlook 2003 RFC non-compliance
Title: Message Hi there, I have a customer who was having trouble with his messages sent to users on servers that use spam filters not being delivered. I had him send a message to me so I could see what tests it fails. As some of you may have already guessed, he's got a new pc with Outlook 2003 and the messages fail the spam headers test. I informed him that among mail server and/or spamfilter administrators this is a known issue. So, he calls MS. MS says it's OEM software, call the vendor. Dell says I'm full of it. So... Would someone with more thorough and better understanding than mine please send me something (with permission to quote or I'd just lift from archives) that I can send to this customer? I'm looking for what it is that Outlook 2003 does wrong and what RFC it is not conforming to. He wants to then show it to Dell and request an exchange for Office 2002. I would much appreciate it. I'm sorry to make this issue that isn't really mine yours too. But, it might just be handy to have this kind of information on hand anyway as more people start using this product. Thanks, Katie (Who will try to stop gritting her teeth now.)
RE: [Declude.JunkMail] Declude does not see email
Agreed - I too have very occasionally seen instances where emails were clearly not processed by Declude (no Declude headers) but were delivered to my mailboxes. Imail 7.0 Best Regards Andy Schmidt H&M Systems Software, Inc. 600 East Crescent Avenue, Suite 203 Upper Saddle River, NJ 07458-1846 Phone: +1 201 934-3414 x20 (Business) Fax:+1 201 934-9206 http://www.HM-Software.com/ -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Karen D. Oland Sent: Thursday, December 04, 2003 12:33 PM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] Declude does not see email I've seen this twice in the last month. IMAIL 7.15, declude 1.76. No real-time scanning of email directories. May be related to hard disk traffic, but not specific to IMAIL 8.x > -Original Message- > From: R. Scott Perry > Sent: Wednesday, December 03, 2003 1:01 PM > To: [EMAIL PROTECTED] > Subject: RE: [Declude.JunkMail] Declude does not see email > > > > >I am now seeing this also. This is disturbing as it is allowing > >viruses through. > > > >The particular message that I am concerned with (containing a virus) > >does show up in the c:\declude.log file but is not in the virus or > hijack log but > >is seen in this line in the JM log: > > > >12/03/2003 06:11:30 Qeedf08fb02486d2c Could not lock > >F:\Spool\Qeedf08fb02486d2c.SMD; timed out (j=2). > > This will happen if either the Q*.SMD file disappears, or is locked by > another program (presumably IMail). > > It looks like there are several issues with IMail v8. --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Declude does not see email
I've seen this twice in the last month. IMAIL 7.15, declude 1.76. No real-time scanning of email directories. May be related to hard disk traffic, but not specific to IMAIL 8.x > -Original Message- > From: R. Scott Perry > Sent: Wednesday, December 03, 2003 1:01 PM > To: [EMAIL PROTECTED] > Subject: RE: [Declude.JunkMail] Declude does not see email > > > > >I am now seeing this also. This is disturbing as it is allowing viruses > >through. > > > >The particular message that I am concerned with (containing a virus) does > >show up in the c:\declude.log file but is not in the virus or > hijack log but > >is seen in this line in the JM log: > > > >12/03/2003 06:11:30 Qeedf08fb02486d2c Could not lock > >F:\Spool\Qeedf08fb02486d2c.SMD; timed out (j=2). > > This will happen if either the Q*.SMD file disappears, or is locked by > another program (presumably IMail). > > It looks like there are several issues with IMail v8. --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] How to stop this
Anyone know the best way to stop messages that look like this: The only solution to Penis Enlargement btgpbjbefuabw avuudwbcjvz LIMITED OFFER: Add at least 3 INCHES or get your money back! oquqxsdhgjjy mfnhjfwvdwql We are so sure our product works we are willing to prove it by offering a free trial bottle + a 100% money back guarantee upon purchase if you are not satisfied with the results. ---> http://[EMAIL PROTECTED]/vp/?info">Click Here To Learn More <--- Also check out our *brand new* product: http://[EMAIL PROTECTED]/patch/?info">Penis Enlargement Patches Comes with the 100% money back warranty as well! uxpvmtkobessb tgmmsukktlq xumuywchpl osaxmoceopfhkb shmpscbzygs skcefjdfyrho http://[EMAIL PROTECTED]/vp/optout.shtml?info">No more offers --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Declude virus hanging...
Thanks all for your help. I upgraded to 1.76i and the problem is solved. Todd Holt Xidix Technologies, Inc Las Vegas, NV USA www.xidix.com 702.319.4349 > -Original Message- > From: [EMAIL PROTECTED] [mailto:Declude.JunkMail- > [EMAIL PROTECTED] On Behalf Of Bill Landry > Sent: Wednesday, December 03, 2003 11:02 PM > To: [EMAIL PROTECTED] > Subject: Re: [Declude.JunkMail] Declude virus hanging... > > Todd, is the production file called virus1.cfg? I don't know if that > would > cause any problems, but the default file name is just virus.cfg. What > version of Declude are you running. There was a problem with having more > than 5 or 6 BANNAME entries in the virus.cfg file. Scott release an > interim > update yesterday to resolve this. > > Bill > - Original Message - > From: "Todd Holt" <[EMAIL PROTECTED]> > To: <[EMAIL PROTECTED]> > Sent: Wednesday, December 03, 2003 10:45 PM > Subject: [Declude.JunkMail] Declude virus hanging... > > > > When I have Declude.Virus active it creates a .vir directory for each > > message, then never finishes the message, just leaves it hanging > > forever. When I turn off virus, messages flow properly. I have tried > > switching from f-prot to AVG with the same result. Virus.cfg attached. > > > > Any thoughts?? > > > > Todd Holt > > Xidix Technologies, Inc > > Las Vegas, NV USA > > www.xidix.com > > 702.319.4349 > > > > > > > > --- > [This E-mail was scanned for viruses by Declude Virus > (http://www.declude.com)] > > --- > This E-mail came from the Declude.JunkMail mailing list. To > unsubscribe, just send an E-mail to [EMAIL PROTECTED], and > type "unsubscribe Declude.JunkMail". The archives can be found > at http://www.mail-archive.com. --- [This E-mail scanned for viruses by Declude Virus (http://www.declude.com)] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Error - BOUNCE is not an ACTION. May be a duplicate test definiti on? on?
Change the action from "BOUNCE" to "BOUNCEONLYIFYOUMUST" Thursday, December 4, 2003, 9:50:49 AM, Hirthe, Alexander <[EMAIL PROTECTED]> wrote: HA> Hello, HA> I'm getting "12/04/2003 00:02:26 Warning: misconfiguration in following line HA> in configuration file (BOUNCE is not an ACTION). May be a duplicate test HA> definition?" HA> I "think" this comes since the update to v1.76i30. Does anyone see this? HA> I went down to 1.76i, now I'm waiting for the next Bounce :-) HA> Alex HA> --- HA> [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] HA> --- HA> This E-mail came from the Declude.JunkMail mailing list. To HA> unsubscribe, just send an E-mail to [EMAIL PROTECTED], and HA> type "unsubscribe Declude.JunkMail". The archives can be found HA> at http://www.mail-archive.com. Don Brown - Dallas, Texas USA Internet Concepts, Inc. [EMAIL PROTECTED] http://www.inetconcepts.net PGP Key ID: 04C99A55 (972) 788-2364 Fax: (972) 788-5049 Providing Internet Solutions Worldwide - An eDataWeb Affiliate --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Error - BOUNCE is not an ACTION. May be a duplicate test definiti on? on? a duplicate test definiti on? on?
I'm getting "12/04/2003 00:02:26 Warning: misconfiguration in following line in configuration file (BOUNCE is not an ACTION). May be a duplicate test definition?" I "think" this comes since the update to v1.76i30. Does anyone see this? Yes. You must first go to the manual and make sure that you understand the BOUNCE action (about 90% of our customers do not, although I think the majority on this list do), and then rename it to BOUNCEONLYIFYOUMUST. Out customers were likely sending out millions of spams a day without realizing it. I went down to 1.76i, now I'm waiting for the next Bounce :-) FYI, there is no 1.76i (although you're not the first to reference it!). -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you've been missing: Ask about our free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Filter per user
I don't recommend it, but he does pay us for a service and should have the say so of what he wants or doesn't want. I agree with you, a lot of legit emails will get caught. Thanks, Kris McElroy [EMAIL PROTECTED] Chief Technology Officer Duracom, INC. www.duracom.net "I am always doing that which I can not do, in order that I may learn how to do it." -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of John Tolmachoff (Lists) Sent: Thursday, December 04, 2003 9:32 AM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] Filter per user So that user wants to block legit domains? And you want to allow that? John Tolmachoff Engineer/Consultant/Owner eServices For You > -Original Message- > From: [EMAIL PROTECTED] [mailto:Declude.JunkMail- > [EMAIL PROTECTED] On Behalf Of Kris McElroy > Sent: Thursday, December 04, 2003 6:48 AM > To: [EMAIL PROTECTED] > Subject: [Declude.JunkMail] Filter per user > > Can I setup a Filter file per user? I have a user who wants everything > from > .biz blocked. Can this be done? > > > > > Thanks, > > > Kris McElroy > [EMAIL PROTECTED] > > Chief Technology Officer > Duracom, INC. > www.duracom.net > > > --- > [This E-mail was scanned for viruses by Declude Virus > (http://www.declude.com)] > > --- > This E-mail came from the Declude.JunkMail mailing list. To > unsubscribe, just send an E-mail to [EMAIL PROTECTED], and > type "unsubscribe Declude.JunkMail". The archives can be found > at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Declude does not see email
I wonder if this has something to do with Declude crashing every now and then -- it only shows up in the event viewer under W2K3 -- no declude error files are written. Thursday, December 4, 2003, 6:32:39 AM, R. Scott Perry <[EMAIL PROTECTED]> wrote: >>Scott, what information can we provide you to help you track down whether >>IMail is calling Declude for each message or whether it is calling Declude >>twice for the same message? RSP> We have already confirmed cases of IMail v8 not calling Declude. We have RSP> "almost confirmed" cases of IMail calling Declude more than once, but have RSP> not officially confirmed it yet. RSP> With the latest interim release, if the E-mail is not referenced in the RSP> C:\Declude.log file, then IMail didn't start Declude. If it is listed more RSP> than once in the C:\Declude.log file, IMail probably (but not definitely) RSP> started Declude more than once. RSP> -Scott RSP> --- RSP> Declude JunkMail: The advanced anti-spam solution for IMail mailservers. RSP> Declude Virus: Catches known viruses and is the leader in mailserver RSP> vulnerability detection. RSP> Find out what you've been missing: Ask about our free 30-day evaluation. RSP> --- RSP> [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] RSP> --- RSP> This E-mail came from the Declude.JunkMail mailing list. To RSP> unsubscribe, just send an E-mail to [EMAIL PROTECTED], and RSP> type "unsubscribe Declude.JunkMail". The archives can be found RSP> at http://www.mail-archive.com. Don Brown - Dallas, Texas USA Internet Concepts, Inc. [EMAIL PROTECTED] http://www.inetconcepts.net PGP Key ID: 04C99A55 (972) 788-2364 Fax: (972) 788-5049 Providing Internet Solutions Worldwide - An eDataWeb Affiliate --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Filter per user
So that user wants to block legit domains? And you want to allow that? John Tolmachoff Engineer/Consultant/Owner eServices For You > -Original Message- > From: [EMAIL PROTECTED] [mailto:Declude.JunkMail- > [EMAIL PROTECTED] On Behalf Of Kris McElroy > Sent: Thursday, December 04, 2003 6:48 AM > To: [EMAIL PROTECTED] > Subject: [Declude.JunkMail] Filter per user > > Can I setup a Filter file per user? I have a user who wants everything > from > .biz blocked. Can this be done? > > > > > Thanks, > > > Kris McElroy > [EMAIL PROTECTED] > > Chief Technology Officer > Duracom, INC. > www.duracom.net > > > --- > [This E-mail was scanned for viruses by Declude Virus > (http://www.declude.com)] > > --- > This E-mail came from the Declude.JunkMail mailing list. To > unsubscribe, just send an E-mail to [EMAIL PROTECTED], and > type "unsubscribe Declude.JunkMail". The archives can be found > at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] why would this fail SpamDomains?
This is my entry for the SD test - @hotmail.com That's because the reverse DNS entry doesn't have "@hotmail.com" in it. It should be something like: @hotmail.comhotmail.com or hotmail.com -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you've been missing: Ask about our free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Declude virus hanging...
If you are using Declude version 1.76Beta then move to the latest interim release or use the 1.75 version. Try that. Tyler > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] Behalf Of Todd Holt > Sent: Thursday, December 04, 2003 1:46 AM > To: [EMAIL PROTECTED] > Subject: [Declude.JunkMail] Declude virus hanging... > > > When I have Declude.Virus active it creates a .vir directory for each > message, then never finishes the message, just leaves it hanging > forever. When I turn off virus, messages flow properly. I have tried > switching from f-prot to AVG with the same result. Virus.cfg attached. > > Any thoughts?? > > Todd Holt > Xidix Technologies, Inc > Las Vegas, NV USA > www.xidix.com > 702.319.4349 > > --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Declude does not see email
Scott, what information can we provide you to help you track down whether IMail is calling Declude for each message or whether it is calling Declude twice for the same message? We have already confirmed cases of IMail v8 not calling Declude. We have "almost confirmed" cases of IMail calling Declude more than once, but have not officially confirmed it yet. With the latest interim release, if the E-mail is not referenced in the C:\Declude.log file, then IMail didn't start Declude. If it is listed more than once in the C:\Declude.log file, IMail probably (but not definitely) started Declude more than once. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you've been missing: Ask about our free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Declude does not see email
Here are my numbers from yesterday: gawk "{print $3}" dec1203.log | usort | uniq | grep -c Q 25462 gawk "{print $3}" vir1203.log | usort | uniq | grep -c Q 25460 grep "12/02/2003" declude.log | gawk "{print $4}" | usort | uniq | grep -c Q 25612 Scott, what information can we provide you to help you track down whether IMail is calling Declude for each message or whether it is calling Declude twice for the same message? Bill - Original Message - From: "John Tolmachoff (Lists)" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Wednesday, December 03, 2003 4:19 PM Subject: RE: [Declude.JunkMail] Declude does not see email So back to my original idea, in my case, yesterday 5 messages did not make it to Virus or JunkMail processing. That is barely over 1/10 of 1%. What are others experiences? (I will also do this latter on the other servers I work on.) John Tolmachoff Engineer/Consultant/Owner eServices For You > -Original Message- > From: [EMAIL PROTECTED] [mailto:Declude.JunkMail- > [EMAIL PROTECTED] On Behalf Of Bill Landry > Sent: Wednesday, December 03, 2003 3:48 PM > To: [EMAIL PROTECTED] > Subject: Re: [Declude.JunkMail] Declude does not see email > > Great. The last script shown below should actually be: > > grep "12\/02\/2003" declude.log | gawk "{print $4}" | usort | uniq | grep > -c > Q > > Removed "-c" after the first grep command. > > Bill > > - Original Message - > From: "John Tolmachoff (Lists)" <[EMAIL PROTECTED]> > To: <[EMAIL PROTECTED]> > Sent: Wednesday, December 03, 2003 3:40 PM > Subject: RE: [Declude.JunkMail] Declude does not see email > > > Bill, never mind. I just got the reference paper from you and it is listed > in there where it is at and such. Works. Thanks. > > John Tolmachoff > Engineer/Consultant/Owner > eServices For You > > > > -Original Message- > > From: John Tolmachoff (Lists) [mailto:[EMAIL PROTECTED] > > Sent: Wednesday, December 03, 2003 3:32 PM > > To: '[EMAIL PROTECTED]' > > Subject: RE: [Declude.JunkMail] Declude does not see email > > > > Bill, usort was not included in the files on the unixtools site you > posted > > before, but I was able to find it here: > > http://www.profsoftware.com/unixdos/ud09.htm However, now when running > the > > command, I am getting an error saying needed dll udbase.dll not found. > > > > John Tolmachoff > > Engineer/Consultant/Owner > > eServices For You > > > > > > > -Original Message- > > > From: [EMAIL PROTECTED] [mailto:Declude.JunkMail- > > > [EMAIL PROTECTED] On Behalf Of Bill Landry > > > Sent: Wednesday, December 03, 2003 1:47 PM > > > To: [EMAIL PROTECTED] > > > Subject: Re: [Declude.JunkMail] Declude does not see email > > > > > > John, a few weeks ago I sent you a copy of my 1st draft "UNIX > Utilities > > > Reference Guide" I had put together, but heard no response back from > > you. > > > Had you reviewed it you probably would have been able to figure this > > out. > > > Anyway, here is what I found on one of my IMail servers: > > > > > > gawk "{print $3}" dec1202.log | usort | uniq | grep -c Q > > > 25624 > > > > > > gawk "{print $3}" vir1202.log | usort | uniq | grep -c Q > > > 25625 > > > > > > grep -c "12\/02\/2003" declude.log | gawk "{print $4}" | usort | uniq > | > > > grep -c Q > > > 25612 > > > > > > Hmmm, strange that the number listed in the declude.log file is > actually > > > less then what's reported in the JunkMail and Virus log files. > > > > > > Bill > > > > > > - Original Message - > > > From: "John Tolmachoff (Lists)" <[EMAIL PROTECTED]> > > > To: <[EMAIL PROTECTED]> > > > Sent: Wednesday, December 03, 2003 12:34 PM > > > Subject: RE: [Declude.JunkMail] Declude does not see email > > > > > > > > > To help track this down, it would be helpful to do the following: > > > > > > Compare the number of messages logged in C:\declude.log to the number > > > logged > > > in the virus log in a 24 hour period. > > > > > > Any one know how to do that? > > > > > > John Tolmachoff > > > Engineer/Consultant/Owner > > > eServices For You > > > > > > > > > > -Original Message- > > > > From: [EMAIL PROTECTED] [mailto:Declude.JunkMail- > > > > [EMAIL PROTECTED] On Behalf Of R. Scott Perry > > > > Sent: Wednesday, December 03, 2003 10:01 AM > > > > To: [EMAIL PROTECTED] > > > > Subject: RE: [Declude.JunkMail] Declude does not see email > > > > > > > > > > > > >I am now seeing this also. This is disturbing as it is allowing > > viruses > > > > >through. > > > > > > > > > >The particular message that I am concerned with (containing a > virus) > > > does > > > > >show up in the c:\declude.log file but is not in the virus or > hijack > > > log > > > > but > > > > >is seen in this line in the JM log: > > > > > > > > > >12/03/2003 06:11:30 Qeedf08fb02486d2c Could not lock > > > > >F:\Spool\Qeedf08fb02486d2c.SMD; timed out (j=2). > > > > > > > > This will happen if either the Q*.SMD file disappears, or is locked > by > > > > another program (presumably IMail). > >
[Declude.JunkMail] Error - BOUNCE is not an ACTION. May be a duplicate test definiti on? on?
Hello, I'm getting "12/04/2003 00:02:26 Warning: misconfiguration in following line in configuration file (BOUNCE is not an ACTION). May be a duplicate test definition?" I "think" this comes since the update to v1.76i30. Does anyone see this? I went down to 1.76i, now I'm waiting for the next Bounce :-) Alex --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] Declude virus hanging...
When I have Declude.Virus active it creates a .vir directory for each message, then never finishes the message, just leaves it hanging forever. When I turn off virus, messages flow properly. I have tried switching from f-prot to AVG with the same result. Virus.cfg attached. Any thoughts?? Todd Holt Xidix Technologies, Inc Las Vegas, NV USA www.xidix.com 702.319.4349 virus1.cfg Description: Binary data
Re: [Declude.JunkMail] Declude virus hanging...
Todd, is the production file called virus1.cfg? I don't know if that would cause any problems, but the default file name is just virus.cfg. What version of Declude are you running. There was a problem with having more than 5 or 6 BANNAME entries in the virus.cfg file. Scott release an interim update yesterday to resolve this. Bill - Original Message - From: "Todd Holt" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Wednesday, December 03, 2003 10:45 PM Subject: [Declude.JunkMail] Declude virus hanging... > When I have Declude.Virus active it creates a .vir directory for each > message, then never finishes the message, just leaves it hanging > forever. When I turn off virus, messages flow properly. I have tried > switching from f-prot to AVG with the same result. Virus.cfg attached. > > Any thoughts?? > > Todd Holt > Xidix Technologies, Inc > Las Vegas, NV USA > www.xidix.com > 702.319.4349 > > > --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Declude does not see email
I wonder if this has something to do with Declude crashing every now and then -- it only shows up in the event viewer under W2K3 -- no declude error files are written. No, this is unrelated. The C:\Declude.log file entries from the latest release prove it (they are created immediately as the program is started). -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you've been missing: Ask about our free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] SpamDomains
Well, then the best of both worlds is to change the spamdomains test to an ENDSWITH qualifier and it will support your needs and mine. The current CONTAINS qualifier only effectively supports your needs, and does so, at that, with limited capabilities. Bill - Original Message - From: "Matthew Bramble" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Wednesday, December 03, 2003 8:23 PM Subject: Re: [Declude.JunkMail] SpamDomains > Bill Landry wrote: > > >If you use the @ symbol in the first column, then you have severely limited > >yourself to supporting only one RDNS per domain. > > > I don't feel limited, in fact, I have a lot more confidence in this test > not FP'ing on VERP stuff which may be forwarded to an account hosted on > my machine, i.e. to [EMAIL PROTECTED] forwarded to > [EMAIL PROTECTED] This is especially important if you build a > spamdomains file for local domains. > > > >If you need to support delivery of e-mail from [EMAIL PROTECTED] and > >sometime it comes from a mail server with RDNS of xxx.mindspring.com and > >sometimes it comes from xxx.earthlink.com, how would you venture to support > >this in your scenario by starting every domain in the first column with the > >@ sign? > > > > If it really mattered to you, you could leave it off for some domains > where this is an issue. I've gone through some of the entries that have > been shared on this list in the past and found that a lot of these > matches don't exist, it seems that someone just guessed that there might > be such a possibility, and other things such as your buy.com example > where they use a third-party trusted bulk mailer is taken care of with a > separate 'white' file on my system. It's much easier to credit points > to DartMail across the board rather than keep track of which companies > are using them and might be also in a spamdomains file. > > I've tried it both ways, and I like the idea of separate files with the > addition of a white file and using @ symbols. I think that it's > critical for instance to have a FRAUDDOMAINS file with listings for > Ebay, PayPal, Microsoft, Symantec and McAfee for instance, and a white > file for reverse DNS lookups for places like americangreetings.com and > ebay.com. > > Don't knock it until you try it :) > > Matt > > --- > [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] > > --- > This E-mail came from the Declude.JunkMail mailing list. To > unsubscribe, just send an E-mail to [EMAIL PROTECTED], and > type "unsubscribe Declude.JunkMail". The archives can be found > at http://www.mail-archive.com. > --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] Filter per user
Can I setup a Filter file per user? I have a user who wants everything from .biz blocked. Can this be done? Thanks, Kris McElroy [EMAIL PROTECTED] Chief Technology Officer Duracom, INC. www.duracom.net --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] why would this fail SpamDomains?
X-Declude-Sender: [EMAIL PROTECTED] [64.4.10.85] X-Declude-Spoolname: D48f900ac00427c71.SMD X-Note: This E-mail was scanned by Declude JunkMail (www.declude.com) for spam. X-Spam-Tests-Failed: NOABUSE, NOPOSTMASTER, IPNOTINMX, NOLEGITCONTENT, SPAMDOMAINS, FILTER, WEIGHT10, WEIGHT20, WEIGHT15 [21] X-Country-Chain: X-Note: This E-mail was sent from bay7-dav28.bay7.hotmail.com ([64.4.10.85]). This is my entry for the SD test - @hotmail.com --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Filter per user
Can I setup a Filter file per user? I have a user who wants everything from .biz blocked. Can this be done? The filter files can't be set up on a per-user basis. However, in this case, you could create a new filter -- but only take an action on that filter for the one user (using the per-user settings). With the new HIDETESTS option in the upcoming beta, E-mail for other users could fail the test without it showing up in the X-Spam-Tests-Failed: header. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you've been missing: Ask about our free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.