RE: [Declude.JunkMail] Bug: Alias content counted as recipients

2004-01-09 Thread R. Scott Perry
Yes, SWITCHRECIP=ON. However, the problem stated with i12, we reproduced the problem at will until we went back to i8 - and then the problem went away. So, something is wrong with SWITCHRECIP=ON and BYPASSMULTIRECP combination in i12. This may just be expected behavior with the SWITCHRECIP ON

RE: [Declude.JunkMail] Bug: Alias content counted as recipients

2004-01-09 Thread Andy Schmidt
Hi Scott: This may just be expected behavior with the SWITCHRECIP ON option I assume you are only referring to the fact, that a bounce message would list the same recipient 12 times - that expected behavior I can tolerate. But, with BYPASSMULTIRECP it is clear that for SPAM protection, a

Re: Re[2]: [Declude.JunkMail] ANN: Declude RegEx support in next release of SPAMC32

2004-01-09 Thread nick
Bill, I might give it a try on one of our test boxes. Sandy/Nick, what kind of performance hits have you experienced when adding Cygwin and SA to your IMail/Declude installations? Could be interesting to see how it will run with the existing IMail/Declude/Sniffer/Alligate/SpamCheck combo...

Re: [Declude.JunkMail] Bug: Alias content counted as recipients

2004-01-09 Thread Bill Landry
- Original Message - From: Andy Schmidt [EMAIL PROTECTED] But, with BYPASSMULTIRECP it is clear that for SPAM protection, a Sorry to jump in on this thread, but what is BYPASSMULTIRECP and when was it introduced into Declude? I searched the JunkMail manual, release notes, and archive

Re: [Declude.JunkMail] X-Mailer Filters

2004-01-09 Thread Terry Fritts
Has anyone seen any of these used for legitimate mail? Most of those are just common mail clients or programs. mutt for instance is very common on *nix. Likewise becky! and theBat! and others for Windows. Just because an X-mailer header exists doesn't mean that's what sent the message. I can

RE: [Declude.JunkMail] Bug: Alias content counted as recipients

2004-01-09 Thread Andy Schmidt
It's a feature to counteract the downside of Whitelisting. Sometimes, we have to use white-listing (e.g., the postmaster domain so that false positive reports can reach us and we can fine-tune our bounce/delete policies). On the other hand, much spam is now directed against those accounts. By

Re: [Declude.JunkMail] Bug: Alias content counted as recipients

2004-01-09 Thread Bill Landry
Oops, disregard, I see that BYPASSMULTIRECP is just a user defined test name being used with bypasswhitelist option. Bill - Original Message - From: Bill Landry [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Friday, January 09, 2004 6:56 AM Subject: Re: [Declude.JunkMail] Bug: Alias

RE: Re[2]: [Declude.JunkMail] ANN: Declude RegEx support in next release of SPAMC32

2004-01-09 Thread Pete McNeil
Wow _M |-Original Message- |From: [EMAIL PROTECTED] |[mailto:[EMAIL PROTECTED] On Behalf Of nick |Sent: Friday, January 09, 2004 9:49 AM |To: [EMAIL PROTECTED] |Subject: Re: Re[2]: [Declude.JunkMail] ANN: Declude RegEx |support in next release of SPAMC32 | | |Bill, | |I might give it a

RE: Re[2]: [Declude.JunkMail] ANN: Declude RegEx support in next release of SPAMC32

2004-01-09 Thread Colbeck, Andrew
Gee, Pete. Are you commenting on the sheer number of tests or which test had the most hits? Andrew ;) -Original Message- From: Pete McNeil [mailto:[EMAIL PROTECTED] Sent: Friday, January 09, 2004 8:39 AM To: [EMAIL PROTECTED] Subject: RE: Re[2]: [Declude.JunkMail] ANN: Declude RegEx

Re: Re[2]: [Declude.JunkMail] ANN: Declude RegEx support in next release of SPAMC32

2004-01-09 Thread Bill Landry
- Original Message - From: Pete McNeil [EMAIL PROTECTED] Well, I was surprized at the difference between Sniffer (91%) and Spam Assassin (61%). I was particularly surprized because the Sniffer rulebase being used is the demo and it is restricted by 15 days. Yes, that is quite

Re: Re[2]: [Declude.JunkMail] ANN: Declude RegEx support in next release of SPAMC32

2004-01-09 Thread nick
Bill, Pete - Well, I was surprized at the difference between Sniffer (91%) and Spam Assassin (61%). I was particularly surprized because the Sniffer rulebase being used is the demo and it is restricted by 15 days. Yes, that is quite impressive. Up to now we have had sketchy info about how we

Re: [Declude.JunkMail] X-Mailer Filters

2004-01-09 Thread Sanford Whiteman
I would like to hear from anybody who has experience with filtering by the X-Mailer header. In going through my logs, the following look like they are consistently used for spam. I don't know if you dropped those all into lower-case or not (I'm guessing you did), but it is a common

Re: Re[2]: [Declude.JunkMail] ANN: Declude RegEx support in next release of SPAMC32

2004-01-09 Thread Bill Landry
- Original Message - From: nick [EMAIL PROTECTED] wow I did not know that - I will research that info. Nick, check out http://www.emtinc.net/spamhammers.htm and grab the four rulesets there that Jennifer put together, they are all very good. I have another one of her small rulesets

Re[4]: [Declude.JunkMail] ANN: Declude RegEx support in next release of SPAMC32

2004-01-09 Thread Sanford Whiteman
Well, I was surprized at the difference between Sniffer (91%) and Spam Assassin (61%). I was particularly surprized because the Sniffer rulebase being used is the demo and it is restricted by 15 days. We're seeing about 75% SpamAssassin vs. 95% Sniffer (full version) on our true

RE: Re[2]: [Declude.JunkMail] ANN: Declude RegEx support in next release of SPAMC32

2004-01-09 Thread Pete McNeil
|Bill, Pete - | snip |accuracy. eg: false positives. Sniffer is a very good tool |however it scores - at least with the demo rulebase on my |system - false positives. I score it with 3 points. SA on the |other hand has *very* few false positives so it gets an 8. No |question if I had the

Re: Re[2]: [Declude.JunkMail] ANN: Declude RegEx support in next release of SPAMC32

2004-01-09 Thread nick
Done! Wicked easy. I really love a lot of tests [as someone else noted] Will keep a watch on things and see what the differences are. Thank you very much! [ Matt - are you going to 'mailpureize' these? :) ] -Nick Hayer From: Bill Landry [EMAIL PROTECTED] Nick, check out

RE: Re[2]: [Declude.JunkMail] ANN: Declude RegEx support in next release of SPAMC32

2004-01-09 Thread nick
Pete - From: Pete McNeil [EMAIL PROTECTED] One thing you should definitely do with sniffer is to weight group 60 lower than the others. Group 60 is the gray hosting group which will cause many false positives if not countered with appropriate white rules. If you make this adjustment you should

RE: [Declude.JunkMail] X-Mailer Filters

2004-01-09 Thread Sean Fahey
Some of these are pretty common and like any tool, can be abused. SquirrelMail is one of my favorite open source apps. http://www.squirrelmail.org/ -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Burzin Sumariwalla Sent: Friday, January 09, 2004 8:40 AM

RE: Re[2]: [Declude.JunkMail] ANN: Declude RegEx support in next release of SPAMC32

2004-01-09 Thread Colbeck, Andrew
Nick: Here's an example from my global.cfg to test the very-generous demo setup of Sniffer: # It provides content inspection. See www.sortmonster.com # Note that the only value normally returned for our non-registered version is 0=clean and 63=bad SNIFFER external nonzero

Re: Re[2]: [Declude.JunkMail] ANN: Declude RegEx support in next release of SPAMC32

2004-01-09 Thread Bill Landry
- Original Message - From: nick [EMAIL PROTECTED] From: Pete McNeil [EMAIL PROTECTED] One thing you should definitely do with sniffer is to weight group 60 lower than the others. Group 60 is the gray hosting group which will cause many false positives if not countered with

Re: [Declude.JunkMail] ANN: Declude RegEx support in next release of SPAMC32

2004-01-09 Thread Matt
Only when regular expressions are added to Declude :) Oh, and I'd also have to learn regular expressions :) Maybe something else is in the works :) No promises. Matt nick wrote: Done! Wicked easy. I really love a lot of tests [as someone else noted] Will keep a watch on things and see what

Re: [Declude.JunkMail] ANN: Declude RegEx support in next release of SPAMC32

2004-01-09 Thread Matt
My take on the Gray test was that hits there would not generally reach a strict standard of spam, but to those that consider most if not all advertising in E-mail to be spam, then blocking based on that would be good. Lots of what I consider to be legitimate ads land in that category,

Re: [Declude.JunkMail] ANN: Declude RegEx support in next release of SPAMC32

2004-01-09 Thread DLAnalyzer Support
Nick, You can score the various result codes of sniffer differently.
SNIFFEREXP external 62 X:\Sniffer\your sniffer.exe 7 0
SNIFFEROBFUS external 61 X:\Sniffer\your sniffer.exe 10 0
SNIFFERGREY external 60 X:\Sniffer\your sniffer.exe 5 0

RE: Re[2]: [Declude.JunkMail] ANN: Declude RegEx support in next release of SPAMC32

2004-01-09 Thread Pete McNeil
|One thing you should definitely do with sniffer is to weight group 60 |lower than the others. Group 60 is the gray hosting group which will snip |I would if I knew how..; actually I do not know what Group 60 snip |-Nick Hayer Easy with Declude. (Scott, correct me if I get this wrong) You

[Declude.JunkMail] Spammer sending a community service alert

2004-01-09 Thread John Tolmachoff \(Lists\)
How would you handle it if a known spammer domain sent out 250 community service Amber Alerts to users on your server? The WHITEFILTER3 lines found was Amber Alerts and AmberAlert in the HEADERS. X-RBL-Warning: MAILPOLICE-BULK: This E-mail came from bounceto.shysterbob.com, a potential spam source

[Declude.JunkMail] More ISP spam...

2004-01-09 Thread Matt
The following message was sent through the real Yahoo, and I'm seeing something coming from them almost every day now (and I only review a small part of it). I just upped my PSEUDO-WHITE counterbalance by 2 points to equal FIVETEN-SPAM (+3 and -3 now). I'm thinking the reason why I am

RE: [Declude.JunkMail] More ISP spam...

2004-01-09 Thread Colbeck, Andrew
Matt, I don't know what my observation is worth but the only spam I've noticed in the past year from Yahoo! servers was always from the *.bizmail.yahoo.com servers (a related issue is/was a lack of confirmation for message group sign-ups). Previous to that, Yahoo! and HoTMaiL and AOL were common

RE: Re[2]: [Declude.JunkMail] ANN: Declude RegEx support in next release of SPAMC32

2004-01-09 Thread Pete McNeil
|Pete, correct me if I am wrong, but I thought that with the |free version you could only track two response codes, 55 |(malware) 63 (general)? Since about October last year we also isolated the gray hosting rule group (60) so that people could more readily evaluate sniffer with fewer false

Re: [Declude.JunkMail] More ISP spam...

2004-01-09 Thread Matt
Don't get me wrong about SpamCop. They are weighted in the tier 2 range on my server, and tier 1 is only SBL and my own list of IP's. I want to drop them another point because they tend to FP on bulk E-mail, and I do understand that it is hard to keep track of individual sources, but tagging

Re: [Declude.JunkMail] More ISP spam...

2004-01-09 Thread Matt
Massive snips with me are generally helpful :) I'm with you for the most part, but to take it a step further. Senderbase does a pretty good job of exposing ISP mail servers: http://www.senderbase.org/search?searchBy=ipaddress&searchString=68.168.78.199&whichOthers=%2F24 It would be great to

Re: [Declude.JunkMail] Spammer sending a community service alert

2004-01-09 Thread Burzin Sumariwalla
Hi John, Hmmm... Interesting question. I'm not inclined to handle it any differently than other email. If a spammer is sending out the Amber Alerts, how do you know it's legit? Even if I send out an Amber Alert how do you know it's legit? Will the spammer in question adhere to honest

Re: [Declude.JunkMail] Spammer sending a community service alert

2004-01-09 Thread Burzin Sumariwalla
For those that are interested here is a site that has links to various states' Amber Alert plans. http://www.sexcriminals.com/amber-alert/ Sorry, my search did not yield a page with world-wide links. Back to John's question, I suppose it's easiest for me as an organization to help the

RE: [Declude.JunkMail] Spammer sending a community service alert alert

2004-01-09 Thread Burzin Sumariwalla
Now that doesn't make any sense. Why would you sign up with a local provider and not your state or local law enforcement agency? It does seem like an effective, but extremely underhanded and immoral technique for harvesting addresses. More research to do... Burzin At 08:46 PM 1/9/2004, you