[Declude.JunkMail] Kill List not working.....

2004-02-10 Thread Bennie
Hello all.

I was asked some time ago to add a domail to my kill list.. I added it.  But
the customer is still recieving spam from this domail.  They sent me the
headers (I have them listed below) and I see the domail in the headers.  but
I never see where it failed the KillList.

Headers---

Received: from mail.ramthehole.com [66.110.74.50] by mail.pepperlink.net
  (SMTPD32-8.05) id A398669F0140; Mon, 09 Feb 2004 23:52:40 -0500
Date: Mon, 09 Feb 2004 23:57:24 -0500
Subject: Exclusive X-Soaked Model Photos
From: Budapest Bukkake [EMAIL PROTECTED]
To:
Return-Path: [EMAIL PROTECTED]
X-Sender: [EMAIL PROTECTED]
X-Mailer: Mailer Software (rev. 01/15/2004)
Message-Id: [EMAIL PROTECTED]
MIME-version: 1.0
Content-type: multipart/alternative; boundary=iqxhhbldriaiwihk
X-RBL-Warning: SBL: http://www.spamhaus.org/SBL/sbl.lasso?query=SBL12919
X-RBL-Warning: REVDNS: This E-mail was sent from a MUA/MTA 66.110.74.50 with
no reverse DNS entry.
X-RBL-Warning: WEIGHT10: Weight of 12 reaches or exceeds the limit of 10.
X-Declude-Sender: [EMAIL PROTECTED] [66.110.74.50]
X-Note: This E-mail was scanned by Declude JunkMail (www.declude.com) for
spam.
X-Spam-Tests-Failed: SBL, SORBS-SPAM, NOLEGITCONTENT, REVDNS, WEIGHT10 [12]
X-Note: QueInControl: D6398669f014033a3.SMD (1)
X-Spam-Tests-Failed: SBL, SORBS-SPAM, NOLEGITCONTENT, REVDNS, WEIGHT10 [12]
X-Note: RDNS Real Origin: [No Reverse DNS][66.110.74.50]
X-Note: SMTP Real From: [EMAIL PROTECTED]
X-Note: SMTP Real To:
X-Note: This E-mail was sent from [No Reverse DNS] ([66.110.74.50]).
X-RBL-Warning: Total spam weight of this E-mail is 12.
X-RCPT-TO:
Status: U
X-UIDL: 374908735

Here is the entry in my killl list file

.ramthehole.com  ID-20040204-pep007

here is the line from my GLOBAL.CFG

KFROMfromfile  e:\imail\declude\fromfile.txt x
15 0
KFrom   WARN

Line from $DEFAULT$.JUNKMAIL

KFROM   WARN X-RBL-Warning: This E-mail failed the KILL File test

Thanks
Bennie



---
[This E-mail scanned for viruses by Declude Virus]

---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.JunkMail.  The archives can be found
at http://www.mail-archive.com.


Re: [Declude.JunkMail] Kill List not working.....

2004-02-10 Thread R. Scott Perry

I was asked some time ago to add a domail to my kill list.. I added it.  But
the customer is still recieving spam from this domail.  They sent me the
headers (I have them listed below) and I see the domail in the headers.  but
I never see where it failed the KillList.
This is a common problem:

X-Note: SMTP Real From: [EMAIL PROTECTED]
The mail came from [EMAIL PROTECTED], but:

Here is the entry in my killl list file

.ramthehole.com  ID-20040204-pep007
you are blocking E-mail with a return address that contains 
.ramthehole.com, which doesn't appear in the return address.  In this 
case, I would suggest either using just:

@ramthehole.com

or using both:

.ramthehole.com
@ramthehole.com
The first example will work fine in most cases, but the second one will 
cover all possible scenarios.

   -Scott
---
Declude JunkMail: The advanced anti-spam solution for IMail mailservers 
since 2000.
Declude Virus: Catches known viruses and is the leader in mailserver 
vulnerability detection.
Find out what you've been missing: Ask for a free 30-day evaluation.

---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.JunkMail.  The archives can be found
at http://www.mail-archive.com.


Re: [Declude.JunkMail] OT: IMAIL - AD

2004-02-10 Thread Matt




Sandy,

You're quite a capable person, and some of this stuff might be trivial
for you, or maybe you just like tinkering with such things...but, it's
overreaching to assume that this is the same for the vast majority of
users.

A long time ago when I was in high school and proud member of the geeky
A/V club, we often found ourselves without the proper cable to connect
two devices...so we improvised. One cable into another, switching
genders, over and over again, eventually we got what we needed. We
were thinking on our feet; we were being resourceful. However, had the
proper cable been available, we would have been greatly overly
complicating matters.

I guess what I'm saying is if you can do it without LDAP or
ActiveDirectory, why not do it without LDAP or ActiveDirectory.
There's certainly other ways to go about doing this, especially if you
only have one or a small handful of machines that need to access this
data. Sourcing directly from text files (not in real time as
previously clarified) is likely the most universal and uncomplicated
method, however some situations may well benefit by sourcing from LDAP,
such as being a dedicated backup to an Exchange server, or a dedicated
backup to an IMail server that doesn't gateway...or if you just simply
prefer for it to be that way. I don't think LDAP is bad, I just think
that supporting a distributed LDAP environment is unnecessary if done
solely for the purpose of storing several hundred to several tens of
thousands of E-mail addresses.

Matt



Sanford Whiteman wrote:

  
I'm  not  dumping on LDAP, I think it can be very useful, however in
this  case,  is  it really necessary? Why not just support loading a
text  file  into  memory  and  using  that?

  
  
Because it's poor architecture that I wouldn't trust on my mailserver.

  
  
It's   the  lowest  common  denominator...

  
  
Yep, that's the problem, all right. :)

  
  
The  only  reason  not  to  use  text  files  would  be  a technical
limitation,  but  I'm  not  suggesting  that it be accessed once per
message, so that isn't at issue.

  
  
Then  you  clearly  don't see the _other_ technical problems involved.
Disk I/O is not the primary problem.

  
  
I  would  certainly  look  to  VAMsoft  for this application if they
supported text files...

  
  
Well,  you  _can_  use  ORF  for  this! Just use their "everybody but"
recipient  blacklist,  whose addresses are stored in the .INI file and
read once at service start (ORF service, not SMTP service). Every time
you  update the file, net restart ORF. It's _already_ there for you in
ORF if this is the way you want to swing it.

I  believe that if you have a single domain, AD via LDAP is the better
way  to go. As a longtime LDAP user, I believe your concerns about the
complexity  of  having  a  built-in LDAP service running with the sole
purpose of MX user lookup are unfounded.

--Sandy



Sanford Whiteman, Chief Technologist
Broadleaf Systems, a division of
Cypress Integrated Systems, Inc.
e-mail: [EMAIL PROTECTED]

SpamAssassin plugs into Declude!
http://www.mailmage.com/download/software/freeutils/SPAMC32/Release/

---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail".  The archives can be found
at http://www.mail-archive.com.


  


-- 
=
MailPure custom filters for Declude JunkMail Pro.
http://www.mailpure.com/software/
=




[Declude.JunkMail] Vacation Message Dilema

2004-02-10 Thread Keith Johnson
I have a few users on a domain who have a vacation in place.  For those
users, I have a Per-User Declude config that uses the MailBox function
for the Weight20 test.  Does the vacation message get triggered on the
actually Main inbox or also sub mailboxes?  What I am noticing is that
when I check their vacation.snt file it lists a lot of addresses that
went to the Sub Mailbox.  This is causing a backlash of bounce messages
back to my client due to when spam comes in a vacation message is sent
out.  Has anyone seen this?

Keith
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.JunkMail.  The archives can be found
at http://www.mail-archive.com.


Re: Re[4]: [Declude.JunkMail] JunkMail User Friendly Interface

2004-02-10 Thread Robert
It needs so fine tuning. I have been trying to get it all fine tuned,
I was thinking it was something to build on.

Robert Whitaker
The Modem Pool
517-789-5689
1-888-377-5689

Be sure to try the New Web Express Internet Accelerator from The Modem Pool
http://web-express.modempool.com


- Original Message -
From: Joe Wolf [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Monday, February 09, 2004 9:14 PM
Subject: Re: Re[4]: [Declude.JunkMail] JunkMail User Friendly Interface


Robert,

I like the way your system looks!  I don't want to get so involved with
various machines (I'm a keep it as simple as possible type of person).  I'd
love to see something like that using the Imail web server and that works
with the Imail registry database.

Thanks for the post!

-Joe

- Original Message -
From: Robert [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Monday, February 09, 2004 8:57 AM
Subject: Re: Re[4]: [Declude.JunkMail] JunkMail User Friendly Interface


 Hello Everyone,

 I don't usually have to much to offer as I always seem to be the one
trying
 to catch-up.
 But maybe I can help this time.
 I have a simple user interface.
 It is of course built for us, But I believe a couple of changes here and
 there, Presto! User can change their own setting.


 To do this you need.
 A web server able to connect to a shared folder on the mail server. (If it
 is not local to the mail server.)
 A special user with system permissions. This user is the anonymous user
 for this web site.

 Setup the web site so ASP will work. Set the anonymous user to your
special
 user.
 Place the interface files in the web site.
 Set up a system DSN to your SQL server. You will need this information for
 the proclogin.asp file.

 On the mail server in the imail\declude folder create a new folder called
 the name of the domain and share it out.
 Set the shared permissions so only the special user has full control.
 Maybe leave your self permission to read. (If you feel you must).

 Edit the prologon.asp file. Change the DSN  Name, UID, and PWD to match
your
 SQL server.

 I am using separate servers for each function. If you don't you will have
to
 edit the files to match.
 The zip file has 5 asp files and one gif. You will want to change the gif
I
 'm guessing.

 I don't know if the zip file will go through to the group or not.
 I also hope that it is not in improper to post with the attachment.


 Robert Whitaker
 The Modem Pool
 517-789-5689
 1-888-377-5689

 Be sure to try the New Web Express Internet Accelerator from The Modem
Pool
 http://web-express.modempool.com


 - Original Message -
 From: Jason [EMAIL PROTECTED]
 To: [EMAIL PROTECTED]
 Sent: Sunday, February 08, 2004 8:12 PM
 Subject: RE: Re[4]: [Declude.JunkMail] JunkMail User Friendly Interface


 Those are both great pages, but coming from the standard user point of
 view, most will be confused from this.  The page I was referring to was
 3 or 4 radio buttons, and a 1 line explanation of each.  Like   NO
 BLOCKING - Everthing will go through, STRICT BLOCKING - Only people in
 your online address book can send mail to you

 Jason



 -Original Message-
 From: [EMAIL PROTECTED]
 [mailto:[EMAIL PROTECTED] On Behalf Of Terry Fritts
 Sent: Sunday, February 08, 2004 4:50 AM
 To: Jason
 Subject: Re[4]: [Declude.JunkMail] JunkMail User Friendly Interface



  Someone about 2 months ago had posted that they had a page built into
  Imail Web Messaging that had 3 or 4 custom settings, like no
  filter, medium High and whitelist only.

 One from Sanford:

  It  can  be built using the IMail Web Messaging interface, but I don't

  think  anybody's  come up with a one-size solution yet. A rather wordy
  sample   is   at  http://webmail.cypressintegrated.com:8383.  See  the
  SPAManager Settings areas.
 
  Username: [EMAIL PROTECTED]
  Password: blue

 And another from Erik Hjelholt:

 http://www.mail-archive.com/[EMAIL PROTECTED]/msg10239.html

 referencing:  https://ss.alberni.net/spamcontrol/Login.asp
   'declude' and the password is 'junkmail'



 ---
 [This E-mail was scanned for viruses by Declude Virus
 (http://www.declude.com)]

 ---
 This E-mail came from the Declude.JunkMail mailing list.  To
 unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type
 unsubscribe Declude.JunkMail.  The archives can be found at
 http://www.mail-archive.com.

 ---
 [This E-mail was scanned for viruses by Declude Virus
 (http://www.declude.com)]

 ---
 This E-mail came from the Declude.JunkMail mailing list.  To
 unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
 type unsubscribe Declude.JunkMail.  The archives can be found
 at http://www.mail-archive.com.











 ---
 [This E-mail was scanned for viruses by Declude Virus
(http://www.declude.com)]

 ---
 This E-mail came from the Declude.JunkMail mailing list.  To
 unsubscribe, just send an E-mail to [EMAIL 

[Declude.JunkMail] Mailing Lists and WhiteListing?

2004-02-10 Thread R. Lee Heath
Wondering if Declude could read mailing list files for whitelisting
purposes? Right now I suspect this would not work...

For example the $default$.junkmail could have:

WHITELISTFILE C:\IMail\domain.com\lists\whitelist\users.lst

Then web access could be given to companies so they can manage their
own whitelists... Just a thought. It would likely be an easy way to
accomplish this..although I don't know if @domain.com entries would be
accepted by Imail? Declude would have to read the new formats
generated by Imail list entries.

--
Roger Heath
[EMAIL PROTECTED]
www.rleeheath.com



---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.JunkMail.  The archives can be found
at http://www.mail-archive.com.


RE: Re[4]: [Declude.JunkMail] JunkMail User Friendly Interface

2004-02-10 Thread Bill

This is my interface.  I am considering making a distribution package if
there is a demand.  Take a look using the demo account:

Username:   johnd
Password:   password

Url:http://spamstats.wamusa.com/myspam.asp?page=rules

Please comment or send an e-mail directly to me.

Thanks,
Bill

 -Original Message-
 From: [EMAIL PROTECTED] 
 [mailto:[EMAIL PROTECTED] On Behalf Of Robert
 Sent: Tuesday, February 10, 2004 8:51 AM
 To: [EMAIL PROTECTED]
 Subject: Re: Re[4]: [Declude.JunkMail] JunkMail User Friendly 
 Interface
 
 
 It needs so fine tuning. I have been trying to get it all 
 fine tuned, I was thinking it was something to build on.
 
 Robert Whitaker
 The Modem Pool
 517-789-5689
 1-888-377-5689
 
 Be sure to try the New Web Express Internet Accelerator from 
 The Modem Pool http://web-express.modempool.com
 
 
 - Original Message -
 From: Joe Wolf [EMAIL PROTECTED]
 To: [EMAIL PROTECTED]
 Sent: Monday, February 09, 2004 9:14 PM
 Subject: Re: Re[4]: [Declude.JunkMail] JunkMail User Friendly 
 Interface
 
 
 Robert,
 
 I like the way your system looks!  I don't want to get so 
 involved with various machines (I'm a keep it as simple as 
 possible type of person).  I'd love to see something like 
 that using the Imail web server and that works with the Imail 
 registry database.
 
 Thanks for the post!
 
 -Joe
 
 - Original Message -
 From: Robert [EMAIL PROTECTED]
 To: [EMAIL PROTECTED]
 Sent: Monday, February 09, 2004 8:57 AM
 Subject: Re: Re[4]: [Declude.JunkMail] JunkMail User Friendly 
 Interface
 
 
  Hello Everyone,
 
  I don't usually have to much to offer as I always seem to be the one
 trying
  to catch-up.
  But maybe I can help this time.
  I have a simple user interface.
  It is of course built for us, But I believe a couple of 
 changes here 
  and there, Presto! User can change their own setting.
 
 
  To do this you need.
  A web server able to connect to a shared folder on the mail server. 
  (If it is not local to the mail server.) A special user 
 with system 
  permissions. This user is the anonymous user for this web site.
 
  Setup the web site so ASP will work. Set the anonymous user to your
 special
  user.
  Place the interface files in the web site.
  Set up a system DSN to your SQL server. You will need this 
 information 
  for the proclogin.asp file.
 
  On the mail server in the imail\declude folder create a new folder 
  called the name of the domain and share it out. Set the shared 
  permissions so only the special user has full control. 
 Maybe leave 
  your self permission to read. (If you feel you must).
 
  Edit the prologon.asp file. Change the DSN  Name, UID, and PWD to 
  match
 your
  SQL server.
 
  I am using separate servers for each function. If you don't 
 you will 
  have
 to
  edit the files to match.
  The zip file has 5 asp files and one gif. You will want to 
 change the 
  gif
 I
  'm guessing.
 
  I don't know if the zip file will go through to the group or not. I 
  also hope that it is not in improper to post with the attachment.
 
 
  Robert Whitaker
  The Modem Pool
  517-789-5689
  1-888-377-5689
 
  Be sure to try the New Web Express Internet Accelerator 
 from The Modem
 Pool
  http://web-express.modempool.com
 
 
  - Original Message -
  From: Jason [EMAIL PROTECTED]
  To: [EMAIL PROTECTED]
  Sent: Sunday, February 08, 2004 8:12 PM
  Subject: RE: Re[4]: [Declude.JunkMail] JunkMail User Friendly 
  Interface
 
 
  Those are both great pages, but coming from the standard 
 user point of 
  view, most will be confused from this.  The page I was 
 referring to was
  3 or 4 radio buttons, and a 1 line explanation of each.  Like   NO
  BLOCKING - Everthing will go through, STRICT BLOCKING - 
 Only people 
  in your online address book can send mail to you
 
  Jason
 
 
 
  -Original Message-
  From: [EMAIL PROTECTED]
  [mailto:[EMAIL PROTECTED] On Behalf Of 
 Terry Fritts
  Sent: Sunday, February 08, 2004 4:50 AM
  To: Jason
  Subject: Re[4]: [Declude.JunkMail] JunkMail User Friendly Interface
 
 
 
   Someone about 2 months ago had posted that they had a page built 
   into Imail Web Messaging that had 3 or 4 custom 
 settings, like no 
   filter, medium High and whitelist only.
 
  One from Sanford:
 
   It  can  be built using the IMail Web Messaging interface, but I 
   don't
 
   think  anybody's  come up with a one-size solution yet. A 
 rather wordy
   sample   is   at  
 http://webmail.cypressintegrated.com:8383.  See  the
   SPAManager Settings areas.
  
   Username: [EMAIL PROTECTED]
   Password: blue
 
  And another from Erik Hjelholt:
 
  
 http://www.mail-archive.com/[EMAIL PROTECTED]/msg10239.html
 
  referencing:  https://ss.alberni.net/spamcontrol/Login.asp
'declude' and the password is 'junkmail'
 
 
 
  ---
  [This E-mail was scanned for viruses by Declude Virus 
  (http://www.declude.com)]
 
  ---
  This E-mail came from the Declude.JunkMail mailing list.  To 
  

RE: [Declude.JunkMail] Vacation Message Dilema

2004-02-10 Thread Matt Robertson
Yes.  My solution was to remove the vacation message option from the web
mail template menu.  One of the few times I've done something like that
without polling customers.  Vacation messages are eee-ville.


 Matt Robertson   [EMAIL PROTECTED] 
 MSB Designs, Inc.  http://mysecretbase.com
  -  -  -  -  -  -  -  -  -  -  -  -  -  -  
 Site Design and ColdFusion Developer Tools


---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.JunkMail.  The archives can be found
at http://www.mail-archive.com.


RE: [Declude.JunkMail] Kill List not working.....

2004-02-10 Thread Colbeck, Andrew
Bennie, blocking spammers by their domain name only is a losing proposition.
You're already using SBL... I'd suggest that you also implement the SORBS
tests and the MAILPOLICE tests.  

Checking my own spam, we also received mail from this spammer, but we caught
it without having to check for their domain name du jeur.

Andrew.

-Original Message-
From: Bennie [mailto:[EMAIL PROTECTED] 
Sent: Tuesday, February 10, 2004 3:18 AM
To: [EMAIL PROTECTED]
Subject: [Declude.JunkMail] Kill List not working.


Hello all.

I was asked some time ago to add a domail to my kill list.. I added it.  But
the customer is still recieving spam from this domail.  They sent me the
headers (I have them listed below) and I see the domail in the headers.  but
I never see where it failed the KillList.

Headers---

Received: from mail.ramthehole.com [66.110.74.50] by mail.pepperlink.net
  (SMTPD32-8.05) id A398669F0140; Mon, 09 Feb 2004 23:52:40 -0500
Date: Mon, 09 Feb 2004 23:57:24 -0500
Subject: Exclusive X-Soaked Model Photos
From: Budapest Bukkake [EMAIL PROTECTED]
To:
Return-Path: [EMAIL PROTECTED]
X-Sender: [EMAIL PROTECTED]
X-Mailer: Mailer Software (rev. 01/15/2004)
Message-Id: [EMAIL PROTECTED]
MIME-version: 1.0
Content-type: multipart/alternative; boundary=iqxhhbldriaiwihk
X-RBL-Warning: SBL: http://www.spamhaus.org/SBL/sbl.lasso?query=SBL12919
X-RBL-Warning: REVDNS: This E-mail was sent from a MUA/MTA 66.110.74.50 with
no reverse DNS entry.
X-RBL-Warning: WEIGHT10: Weight of 12 reaches or exceeds the limit of 10.
X-Declude-Sender: [EMAIL PROTECTED] [66.110.74.50]
X-Note: This E-mail was scanned by Declude JunkMail (www.declude.com) for
spam.
X-Spam-Tests-Failed: SBL, SORBS-SPAM, NOLEGITCONTENT, REVDNS, WEIGHT10 [12]
X-Note: QueInControl: D6398669f014033a3.SMD (1)
X-Spam-Tests-Failed: SBL, SORBS-SPAM, NOLEGITCONTENT, REVDNS, WEIGHT10 [12]
X-Note: RDNS Real Origin: [No Reverse DNS][66.110.74.50]
X-Note: SMTP Real From: [EMAIL PROTECTED]
X-Note: SMTP Real To:
X-Note: This E-mail was sent from [No Reverse DNS] ([66.110.74.50]).
X-RBL-Warning: Total spam weight of this E-mail is 12.
X-RCPT-TO:
Status: U
X-UIDL: 374908735

Here is the entry in my killl list file

.ramthehole.com  ID-20040204-pep007

here is the line from my GLOBAL.CFG

KFROMfromfile  e:\imail\declude\fromfile.txt x
15 0
KFrom   WARN

Line from $DEFAULT$.JUNKMAIL

KFROM   WARN X-RBL-Warning: This E-mail failed the KILL File test

Thanks
Bennie



---
[This E-mail scanned for viruses by Declude Virus]

---
[This E-mail was scanned for viruses by Declude Virus
(http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.JunkMail.  The archives can be found
at http://www.mail-archive.com.
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.JunkMail.  The archives can be found
at http://www.mail-archive.com.


RE: [Declude.JunkMail] Kill List not working.....

2004-02-10 Thread Jason
Ah, but the Kill.lst is an envelope rejection.  It saves many more
resources this way.

Jason


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Colbeck, Andrew
Sent: Tuesday, February 10, 2004 2:03 PM
To: '[EMAIL PROTECTED]'
Subject: RE: [Declude.JunkMail] Kill List not working.


Bennie, blocking spammers by their domain name only is a losing
proposition. You're already using SBL... I'd suggest that you also
implement the SORBS tests and the MAILPOLICE tests.  

Checking my own spam, we also received mail from this spammer, but we
caught it without having to check for their domain name du jeur.

Andrew.

-Original Message-
From: Bennie [mailto:[EMAIL PROTECTED] 
Sent: Tuesday, February 10, 2004 3:18 AM
To: [EMAIL PROTECTED]
Subject: [Declude.JunkMail] Kill List not working.


Hello all.

I was asked some time ago to add a domail to my kill list.. I added it.
But the customer is still recieving spam from this domail.  They sent me
the headers (I have them listed below) and I see the domail in the
headers.  but I never see where it failed the KillList.

Headers---

Received: from mail.ramthehole.com [66.110.74.50] by mail.pepperlink.net
  (SMTPD32-8.05) id A398669F0140; Mon, 09 Feb 2004 23:52:40 -0500
Date: Mon, 09 Feb 2004 23:57:24 -0500
Subject: Exclusive X-Soaked Model Photos
From: Budapest Bukkake [EMAIL PROTECTED]
To:
Return-Path: [EMAIL PROTECTED]
X-Sender: [EMAIL PROTECTED]
X-Mailer: Mailer Software (rev. 01/15/2004)
Message-Id: [EMAIL PROTECTED]
MIME-version: 1.0
Content-type: multipart/alternative; boundary=iqxhhbldriaiwihk
X-RBL-Warning: SBL: http://www.spamhaus.org/SBL/sbl.lasso?query=SBL12919
X-RBL-Warning: REVDNS: This E-mail was sent from a MUA/MTA 66.110.74.50
with no reverse DNS entry.
X-RBL-Warning: WEIGHT10: Weight of 12 reaches or exceeds the limit of
10.
X-Declude-Sender: [EMAIL PROTECTED] [66.110.74.50]
X-Note: This E-mail was scanned by Declude JunkMail (www.declude.com)
for spam.
X-Spam-Tests-Failed: SBL, SORBS-SPAM, NOLEGITCONTENT, REVDNS, WEIGHT10
[12]
X-Note: QueInControl: D6398669f014033a3.SMD (1)
X-Spam-Tests-Failed: SBL, SORBS-SPAM, NOLEGITCONTENT, REVDNS, WEIGHT10
[12]
X-Note: RDNS Real Origin: [No Reverse DNS][66.110.74.50]
X-Note: SMTP Real From: [EMAIL PROTECTED]
X-Note: SMTP Real To:
X-Note: This E-mail was sent from [No Reverse DNS] ([66.110.74.50]).
X-RBL-Warning: Total spam weight of this E-mail is 12.
X-RCPT-TO:
Status: U
X-UIDL: 374908735

Here is the entry in my killl list file

.ramthehole.com  ID-20040204-pep007

here is the line from my GLOBAL.CFG

KFROMfromfile  e:\imail\declude\fromfile.txt x
15 0
KFrom   WARN

Line from $DEFAULT$.JUNKMAIL

KFROM   WARN X-RBL-Warning: This E-mail failed the KILL File test

Thanks
Bennie



---
[This E-mail scanned for viruses by Declude Virus]

---
[This E-mail was scanned for viruses by Declude Virus
(http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type
unsubscribe Declude.JunkMail.  The archives can be found at
http://www.mail-archive.com.
---
[This E-mail was scanned for viruses by Declude Virus
(http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type
unsubscribe Declude.JunkMail.  The archives can be found at
http://www.mail-archive.com.

---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.JunkMail.  The archives can be found
at http://www.mail-archive.com.


Re[4]: [Declude.JunkMail] JunkMail User Friendly Interface

2004-02-10 Thread Bill
 similar to yours.  How do you create the whitelist and
 blacklist options for individual users?  Do you put those 
 lines in the username.junkmail file, or simply reference it 
 in their .junkmail file? How do you feel about sharing some 
 of your code for that to kind of give me a head start?
 
 Jim O'Keefe

For the whitelist/blacklist, I am using WAMCHECK.EXE (another program by
me).  The web page interface creates the user.wamcheck file.  You can
get more info and download it (for free) @:

www.wamusa.com/wamcheck

I am going to go ahead a start working on a distribution package for the
spam level and whitelist/blacklist page.  I should have something that
you can use by early next week.  I will send you the files to experiment
with then.

I will also notify the other people that have expressed an interest.
Anyone else interested, send me an e-mail on or off list.

Thanks,
Bill



-Original Message-
From: Bill [mailto:[EMAIL PROTECTED]
Sent: Tuesday, February 10, 2004 11:17 AM
To: [EMAIL PROTECTED]
Subject: RE: Re[4]: [Declude.JunkMail] JunkMail User Friendly Interface



This is my interface.  I am considering making a distribution package if
there is a demand.  Take a look using the demo account:

Username:   johnd
Password:   password

Url:http://spamstats.wamusa.com/myspam.asp?page=rules

Please comment or send an e-mail directly to me.

Thanks,
Bill


---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.JunkMail.  The archives can be found
at http://www.mail-archive.com.


Re[4]: [Declude.JunkMail] JunkMail User Friendly Interface

2004-02-10 Thread Bill
 I like this idea - where does it make the changes?  Does it
 create a username.junkfile for each user in the domain?


When the spam level or action is selected, it creates the user.junkfile
file.  

Also, see my previous post for more information. I will send you more
info off list next week.

Bill.

 
 -Original Message-
 From: [EMAIL PROTECTED]
 [mailto:[EMAIL PROTECTED] On Behalf Of Bill
 Sent: Tuesday, February 10, 2004 9:17 AM
 To: [EMAIL PROTECTED]
 Subject: RE: Re[4]: [Declude.JunkMail] JunkMail User Friendly 
 Interface
 
 
 This is my interface.  I am considering making a distribution 
 package if there is a demand.  Take a look using the demo account:
 
 Username: johnd
 Password: password
 
 Url:  http://spamstats.wamusa.com/myspam.asp?page=rules
 
 Please comment or send an e-mail directly to me.
 
 Thanks,
 Bill
 
 

---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.JunkMail.  The archives can be found
at http://www.mail-archive.com.


RE: [Declude.JunkMail] Kill List not working.....

2004-02-10 Thread Colbeck, Andrew
Ah, perhaps you have more time to spend on your antispam system than I do!

Andrew 8)

-Original Message-
From: Jason [mailto:[EMAIL PROTECTED] 
Sent: Tuesday, February 10, 2004 12:14 PM
To: [EMAIL PROTECTED]
Subject: RE: [Declude.JunkMail] Kill List not working.


Ah, but the Kill.lst is an envelope rejection.  It saves many more
resources this way.

Jason


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Colbeck, Andrew
Sent: Tuesday, February 10, 2004 2:03 PM
To: '[EMAIL PROTECTED]'
Subject: RE: [Declude.JunkMail] Kill List not working.


Bennie, blocking spammers by their domain name only is a losing
proposition. You're already using SBL... I'd suggest that you also
implement the SORBS tests and the MAILPOLICE tests.  

Checking my own spam, we also received mail from this spammer, but we
caught it without having to check for their domain name du jeur.

Andrew.

-Original Message-
From: Bennie [mailto:[EMAIL PROTECTED] 
Sent: Tuesday, February 10, 2004 3:18 AM
To: [EMAIL PROTECTED]
Subject: [Declude.JunkMail] Kill List not working.


Hello all.

I was asked some time ago to add a domail to my kill list.. I added it.
But the customer is still recieving spam from this domail.  They sent me
the headers (I have them listed below) and I see the domail in the
headers.  but I never see where it failed the KillList.

Headers---

Received: from mail.ramthehole.com [66.110.74.50] by mail.pepperlink.net
  (SMTPD32-8.05) id A398669F0140; Mon, 09 Feb 2004 23:52:40 -0500
Date: Mon, 09 Feb 2004 23:57:24 -0500
Subject: Exclusive X-Soaked Model Photos
From: Budapest Bukkake [EMAIL PROTECTED]
To:
Return-Path: [EMAIL PROTECTED]
X-Sender: [EMAIL PROTECTED]
X-Mailer: Mailer Software (rev. 01/15/2004)
Message-Id: [EMAIL PROTECTED]
MIME-version: 1.0
Content-type: multipart/alternative; boundary=iqxhhbldriaiwihk
X-RBL-Warning: SBL: http://www.spamhaus.org/SBL/sbl.lasso?query=SBL12919
X-RBL-Warning: REVDNS: This E-mail was sent from a MUA/MTA 66.110.74.50
with no reverse DNS entry.
X-RBL-Warning: WEIGHT10: Weight of 12 reaches or exceeds the limit of
10.
X-Declude-Sender: [EMAIL PROTECTED] [66.110.74.50]
X-Note: This E-mail was scanned by Declude JunkMail (www.declude.com)
for spam.
X-Spam-Tests-Failed: SBL, SORBS-SPAM, NOLEGITCONTENT, REVDNS, WEIGHT10
[12]
X-Note: QueInControl: D6398669f014033a3.SMD (1)
X-Spam-Tests-Failed: SBL, SORBS-SPAM, NOLEGITCONTENT, REVDNS, WEIGHT10
[12]
X-Note: RDNS Real Origin: [No Reverse DNS][66.110.74.50]
X-Note: SMTP Real From: [EMAIL PROTECTED]
X-Note: SMTP Real To:
X-Note: This E-mail was sent from [No Reverse DNS] ([66.110.74.50]).
X-RBL-Warning: Total spam weight of this E-mail is 12.
X-RCPT-TO:
Status: U
X-UIDL: 374908735

Here is the entry in my killl list file

.ramthehole.com  ID-20040204-pep007

here is the line from my GLOBAL.CFG

KFROMfromfile  e:\imail\declude\fromfile.txt x
15 0
KFrom   WARN

Line from $DEFAULT$.JUNKMAIL

KFROM   WARN X-RBL-Warning: This E-mail failed the KILL File test

Thanks
Bennie



---
[This E-mail scanned for viruses by Declude Virus]

---
[This E-mail was scanned for viruses by Declude Virus
(http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type
unsubscribe Declude.JunkMail.  The archives can be found at
http://www.mail-archive.com.
---
[This E-mail was scanned for viruses by Declude Virus
(http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type
unsubscribe Declude.JunkMail.  The archives can be found at
http://www.mail-archive.com.

---
[This E-mail was scanned for viruses by Declude Virus
(http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.JunkMail.  The archives can be found
at http://www.mail-archive.com.
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.JunkMail.  The archives can be found
at http://www.mail-archive.com.


Re: [Declude.JunkMail] Kill List not working.....

2004-02-10 Thread Bennie
Thanks for the help guys.  Andrew.. I have the sorbs inplace but I see it
did not fail those..  what is the line for mailpolice?

Bennie

- Original Message - 
From: Colbeck, Andrew [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Tuesday, February 10, 2004 3:34 PM
Subject: RE: [Declude.JunkMail] Kill List not working.


 Ah, perhaps you have more time to spend on your antispam system than I do!

 Andrew 8)

 -Original Message-
 From: Jason [mailto:[EMAIL PROTECTED]
 Sent: Tuesday, February 10, 2004 12:14 PM
 To: [EMAIL PROTECTED]
 Subject: RE: [Declude.JunkMail] Kill List not working.


 Ah, but the Kill.lst is an envelope rejection.  It saves many more
 resources this way.

 Jason


 -Original Message-
 From: [EMAIL PROTECTED]
 [mailto:[EMAIL PROTECTED] On Behalf Of Colbeck, Andrew
 Sent: Tuesday, February 10, 2004 2:03 PM
 To: '[EMAIL PROTECTED]'
 Subject: RE: [Declude.JunkMail] Kill List not working.


 Bennie, blocking spammers by their domain name only is a losing
 proposition. You're already using SBL... I'd suggest that you also
 implement the SORBS tests and the MAILPOLICE tests.

 Checking my own spam, we also received mail from this spammer, but we
 caught it without having to check for their domain name du jeur.

 Andrew.

 -Original Message-
 From: Bennie [mailto:[EMAIL PROTECTED]
 Sent: Tuesday, February 10, 2004 3:18 AM
 To: [EMAIL PROTECTED]
 Subject: [Declude.JunkMail] Kill List not working.


 Hello all.

 I was asked some time ago to add a domail to my kill list.. I added it.
 But the customer is still recieving spam from this domail.  They sent me
 the headers (I have them listed below) and I see the domail in the
 headers.  but I never see where it failed the KillList.

 Headers---

 Received: from mail.ramthehole.com [66.110.74.50] by mail.pepperlink.net
   (SMTPD32-8.05) id A398669F0140; Mon, 09 Feb 2004 23:52:40 -0500
 Date: Mon, 09 Feb 2004 23:57:24 -0500
 Subject: Exclusive X-Soaked Model Photos
 From: Budapest Bukkake [EMAIL PROTECTED]
 To:
 Return-Path: [EMAIL PROTECTED]
 X-Sender: [EMAIL PROTECTED]
 X-Mailer: Mailer Software (rev. 01/15/2004)
 Message-Id: [EMAIL PROTECTED]
 MIME-version: 1.0
 Content-type: multipart/alternative; boundary=iqxhhbldriaiwihk
 X-RBL-Warning: SBL: http://www.spamhaus.org/SBL/sbl.lasso?query=SBL12919
 X-RBL-Warning: REVDNS: This E-mail was sent from a MUA/MTA 66.110.74.50
 with no reverse DNS entry.
 X-RBL-Warning: WEIGHT10: Weight of 12 reaches or exceeds the limit of
 10.
 X-Declude-Sender: [EMAIL PROTECTED] [66.110.74.50]
 X-Note: This E-mail was scanned by Declude JunkMail (www.declude.com)
 for spam.
 X-Spam-Tests-Failed: SBL, SORBS-SPAM, NOLEGITCONTENT, REVDNS, WEIGHT10
 [12]
 X-Note: QueInControl: D6398669f014033a3.SMD (1)
 X-Spam-Tests-Failed: SBL, SORBS-SPAM, NOLEGITCONTENT, REVDNS, WEIGHT10
 [12]
 X-Note: RDNS Real Origin: [No Reverse DNS][66.110.74.50]
 X-Note: SMTP Real From: [EMAIL PROTECTED]
 X-Note: SMTP Real To:
 X-Note: This E-mail was sent from [No Reverse DNS] ([66.110.74.50]).
 X-RBL-Warning: Total spam weight of this E-mail is 12.
 X-RCPT-TO:
 Status: U
 X-UIDL: 374908735

 Here is the entry in my killl list file

 .ramthehole.com  ID-20040204-pep007

 here is the line from my GLOBAL.CFG

 KFROMfromfile  e:\imail\declude\fromfile.txt x
 15 0
 KFrom   WARN

 Line from $DEFAULT$.JUNKMAIL

 KFROM   WARN X-RBL-Warning: This E-mail failed the KILL File test

 Thanks
 Bennie



 ---
 [This E-mail scanned for viruses by Declude Virus]

 ---
 [This E-mail was scanned for viruses by Declude Virus
 (http://www.declude.com)]

 ---
 This E-mail came from the Declude.JunkMail mailing list.  To
 unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type
 unsubscribe Declude.JunkMail.  The archives can be found at
 http://www.mail-archive.com.
 ---
 [This E-mail was scanned for viruses by Declude Virus
 (http://www.declude.com)]

 ---
 This E-mail came from the Declude.JunkMail mailing list.  To
 unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type
 unsubscribe Declude.JunkMail.  The archives can be found at
 http://www.mail-archive.com.

 ---
 [This E-mail was scanned for viruses by Declude Virus
 (http://www.declude.com)]

 ---
 This E-mail came from the Declude.JunkMail mailing list.  To
 unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
 type unsubscribe Declude.JunkMail.  The archives can be found
 at http://www.mail-archive.com.
 ---
 [This E-mail was scanned for viruses by Declude Virus
(http://www.declude.com)]

 ---
 This E-mail came from the Declude.JunkMail mailing list.  To
 unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
 type unsubscribe Declude.JunkMail.  The archives can be found
 at http://www.mail-archive.com.
 ---
 [This E-mail scanned for viruses by Declude Virus]




---
[This E-mail scanned for viruses by Declude Virus]

---
[This E-mail was scanned for viruses by Declude 

RE: [Declude.JunkMail] Kill List not working.....

2004-02-10 Thread Colbeck, Andrew
No problem, Bennie.  The MailPolice tests are RHSBL tests, which means that
they test the domain name instead of of the IP address of the sender:

# For information on these tests, see  http://rhs.mailpolice.com/
MAILPOLICE-BULK rhsbl bulk.rhs.mailpolice.com 127.0.0.2 5  0
MAILPOLICE-PORN rhsbl porn.rhs.mailpolice.com 127.0.0.2 10 0

You can set the weights according to your own traffic and your measure of
trust in these lists.  And of course you need a corresponding action like
MAILPOLICE-BULK WARN in your global.cfg or your domain specific
$default$.junkmail

Also, the listing for the sending IP is still in the SORBS test I saw
triggered, so perhaps you're not using all of the SORBS tests:

# For more information on these tests, see http://www.dnsbl.sorbs.net/
# Hosts that send spam and netblocks of providers that support spammers
# sometimes includes abused providers like Sympatico and ATT
SORBS-SPAM ip4r dnsbl.sorbs.net 127.0.0.6 4 0

There are something like a dozen SORBS tests, and you may not be interested
in all of them, and you may want to score them differently.  For example, I
use SORBS-SPAM but I give it a low weight, but I also use SORBS-ZOMBIE and
give it a much higher weight.

Andrew 8)

-Original Message-
From: Bennie [mailto:[EMAIL PROTECTED] 
Sent: Tuesday, February 10, 2004 1:33 PM
To: [EMAIL PROTECTED]
Subject: Re: [Declude.JunkMail] Kill List not working.


Thanks for the help guys.  Andrew.. I have the sorbs inplace but I see it
did not fail those..  what is the line for mailpolice?

Bennie

- Original Message - 
From: Colbeck, Andrew [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Tuesday, February 10, 2004 3:34 PM
Subject: RE: [Declude.JunkMail] Kill List not working.


 Ah, perhaps you have more time to spend on your antispam system than I do!

 Andrew 8)

 -Original Message-
 From: Jason [mailto:[EMAIL PROTECTED]
 Sent: Tuesday, February 10, 2004 12:14 PM
 To: [EMAIL PROTECTED]
 Subject: RE: [Declude.JunkMail] Kill List not working.


 Ah, but the Kill.lst is an envelope rejection.  It saves many more
 resources this way.

 Jason


 -Original Message-
 From: [EMAIL PROTECTED]
 [mailto:[EMAIL PROTECTED] On Behalf Of Colbeck, Andrew
 Sent: Tuesday, February 10, 2004 2:03 PM
 To: '[EMAIL PROTECTED]'
 Subject: RE: [Declude.JunkMail] Kill List not working.


 Bennie, blocking spammers by their domain name only is a losing
 proposition. You're already using SBL... I'd suggest that you also
 implement the SORBS tests and the MAILPOLICE tests.

 Checking my own spam, we also received mail from this spammer, but we
 caught it without having to check for their domain name du jeur.

 Andrew.

 -Original Message-
 From: Bennie [mailto:[EMAIL PROTECTED]
 Sent: Tuesday, February 10, 2004 3:18 AM
 To: [EMAIL PROTECTED]
 Subject: [Declude.JunkMail] Kill List not working.


 Hello all.

 I was asked some time ago to add a domail to my kill list.. I added it.
 But the customer is still recieving spam from this domail.  They sent me
 the headers (I have them listed below) and I see the domail in the
 headers.  but I never see where it failed the KillList.

 Headers---

 Received: from mail.ramthehole.com [66.110.74.50] by mail.pepperlink.net
   (SMTPD32-8.05) id A398669F0140; Mon, 09 Feb 2004 23:52:40 -0500
 Date: Mon, 09 Feb 2004 23:57:24 -0500
 Subject: Exclusive X-Soaked Model Photos
 From: Budapest Bukkake [EMAIL PROTECTED]
 To:
 Return-Path: [EMAIL PROTECTED]
 X-Sender: [EMAIL PROTECTED]
 X-Mailer: Mailer Software (rev. 01/15/2004)
 Message-Id: [EMAIL PROTECTED]
 MIME-version: 1.0
 Content-type: multipart/alternative; boundary=iqxhhbldriaiwihk
 X-RBL-Warning: SBL: http://www.spamhaus.org/SBL/sbl.lasso?query=SBL12919
 X-RBL-Warning: REVDNS: This E-mail was sent from a MUA/MTA 66.110.74.50
 with no reverse DNS entry.
 X-RBL-Warning: WEIGHT10: Weight of 12 reaches or exceeds the limit of
 10.
 X-Declude-Sender: [EMAIL PROTECTED] [66.110.74.50]
 X-Note: This E-mail was scanned by Declude JunkMail (www.declude.com)
 for spam.
 X-Spam-Tests-Failed: SBL, SORBS-SPAM, NOLEGITCONTENT, REVDNS, WEIGHT10
 [12]
 X-Note: QueInControl: D6398669f014033a3.SMD (1)
 X-Spam-Tests-Failed: SBL, SORBS-SPAM, NOLEGITCONTENT, REVDNS, WEIGHT10
 [12]
 X-Note: RDNS Real Origin: [No Reverse DNS][66.110.74.50]
 X-Note: SMTP Real From: [EMAIL PROTECTED]
 X-Note: SMTP Real To:
 X-Note: This E-mail was sent from [No Reverse DNS] ([66.110.74.50]).
 X-RBL-Warning: Total spam weight of this E-mail is 12.
 X-RCPT-TO:
 Status: U
 X-UIDL: 374908735

 Here is the entry in my killl list file

 .ramthehole.com  ID-20040204-pep007

 here is the line from my GLOBAL.CFG

 KFROMfromfile  e:\imail\declude\fromfile.txt x
 15 0
 KFrom   WARN

 Line from $DEFAULT$.JUNKMAIL

 KFROM   WARN X-RBL-Warning: This E-mail failed the KILL File test

 Thanks
 Bennie



 ---
 [This E-mail scanned for viruses by Declude Virus]

 

RE: [Declude.JunkMail] Kill List not working.....

2004-02-10 Thread Katie La Salle-Lowery


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Colbeck, Andrew
Sent: Tuesday, February 10, 2004 1:34 PM
To: '[EMAIL PROTECTED]'
Subject: RE: [Declude.JunkMail] Kill List not working.


Ah, perhaps you have more time to spend on your antispam system than I
do!

Andrew 8)

-Original Message-
From: Jason [mailto:[EMAIL PROTECTED] 
Sent: Tuesday, February 10, 2004 12:14 PM
To: [EMAIL PROTECTED]
Subject: RE: [Declude.JunkMail] Kill List not working.


Ah, but the Kill.lst is an envelope rejection.  It saves many more
resources this way.

Jason


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Colbeck, Andrew
Sent: Tuesday, February 10, 2004 2:03 PM
To: '[EMAIL PROTECTED]'
Subject: RE: [Declude.JunkMail] Kill List not working.


Bennie, blocking spammers by their domain name only is a losing
proposition. You're already using SBL... I'd suggest that you also
implement the SORBS tests and the MAILPOLICE tests.  

Checking my own spam, we also received mail from this spammer, but we
caught it without having to check for their domain name du jeur.

Andrew.

-Original Message-
From: Bennie [mailto:[EMAIL PROTECTED] 
Sent: Tuesday, February 10, 2004 3:18 AM
To: [EMAIL PROTECTED]
Subject: [Declude.JunkMail] Kill List not working.


Hello all.

I was asked some time ago to add a domail to my kill list.. I added it.
But the customer is still recieving spam from this domail.  They sent me
the headers (I have them listed below) and I see the domail in the
headers.  but I never see where it failed the KillList.

Headers---

Received: from mail.ramthehole.com [66.110.74.50] by mail.pepperlink.net
  (SMTPD32-8.05) id A398669F0140; Mon, 09 Feb 2004 23:52:40 -0500
Date: Mon, 09 Feb 2004 23:57:24 -0500
Subject: Exclusive X-Soaked Model Photos
From: Budapest Bukkake [EMAIL PROTECTED]
To:
Return-Path: [EMAIL PROTECTED]
X-Sender: [EMAIL PROTECTED]
X-Mailer: Mailer Software (rev. 01/15/2004)
Message-Id: [EMAIL PROTECTED]
MIME-version: 1.0
Content-type: multipart/alternative; boundary=iqxhhbldriaiwihk
X-RBL-Warning: SBL: http://www.spamhaus.org/SBL/sbl.lasso?query=SBL12919
X-RBL-Warning: REVDNS: This E-mail was sent from a MUA/MTA 66.110.74.50
with no reverse DNS entry.
X-RBL-Warning: WEIGHT10: Weight of 12 reaches or exceeds the limit of
10.
X-Declude-Sender: [EMAIL PROTECTED] [66.110.74.50]
X-Note: This E-mail was scanned by Declude JunkMail (www.declude.com)
for spam.
X-Spam-Tests-Failed: SBL, SORBS-SPAM, NOLEGITCONTENT, REVDNS, WEIGHT10
[12]
X-Note: QueInControl: D6398669f014033a3.SMD (1)
X-Spam-Tests-Failed: SBL, SORBS-SPAM, NOLEGITCONTENT, REVDNS, WEIGHT10
[12]
X-Note: RDNS Real Origin: [No Reverse DNS][66.110.74.50]
X-Note: SMTP Real From: [EMAIL PROTECTED]
X-Note: SMTP Real To:
X-Note: This E-mail was sent from [No Reverse DNS] ([66.110.74.50]).
X-RBL-Warning: Total spam weight of this E-mail is 12.
X-RCPT-TO:
Status: U
X-UIDL: 374908735

Here is the entry in my killl list file

.ramthehole.com  ID-20040204-pep007

here is the line from my GLOBAL.CFG

KFROMfromfile  e:\imail\declude\fromfile.txt x
15 0
KFrom   WARN

Line from $DEFAULT$.JUNKMAIL

KFROM   WARN X-RBL-Warning: This E-mail failed the KILL File test

Thanks
Bennie



---
[This E-mail scanned for viruses by Declude Virus]

---
[This E-mail was scanned for viruses by Declude Virus
(http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type
unsubscribe Declude.JunkMail.  The archives can be found at
http://www.mail-archive.com.
---
[This E-mail was scanned for viruses by Declude Virus
(http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type
unsubscribe Declude.JunkMail.  The archives can be found at
http://www.mail-archive.com.

---
[This E-mail was scanned for viruses by Declude Virus
(http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type
unsubscribe Declude.JunkMail.  The archives can be found at
http://www.mail-archive.com.
---
[This E-mail was scanned for viruses by Declude Virus
(http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type
unsubscribe Declude.JunkMail.  The archives can be found at
http://www.mail-archive.com.
---
[This E-mail scanned for viruses by CENTRIC INTERNET SERVICES]




---
[This E-mail scanned for viruses by CENTRIC INTERNET SERVICES]

---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe 

[Declude.JunkMail] Perplexed -- false positives on HELOBOGUS AND CATCHALLMAILS

2004-02-10 Thread Katie La Salle-Lowery
Title: Message



As of today I've got 
something odd going on with our Declude Junkmail. Any assistance would be 
great appreciated!

A great many emails 
are failing HELOBOGUS and CATCHALLMAILS (which is commented out in my default 
junkmail file).

Here is one example 
header:

Received: from 
eciexchange.ECI [63.160.64.141] by mail.centric.net with ESMTP 
(SMTPD32-8.05) id A3421E7500AE; Tue, 10 Feb 2004 10:22:10 
-0700content-class: urn:content-classes:messageMIME-Version: 
1.0Content-Type: 
text/plain;charset="iso-8859-1"Content-Transfer-Encoding: 
quoted-printableSubject: test message at 10:20X-MimeOLE: Produced By 
Microsoft Exchange V6.0.6249.0Date: Tue, 10 Feb 2004 10:24:41 
-0700Message-ID: [EMAIL PROTECTED]X-MS-Has-Attach: 
X-MS-TNEF-Correlator: Thread-Topic: test message at 
10:20Thread-Index: AcPv+sQ9Ad5U9lRhT8C4qVudgOLZJw==From: "Ken DeCosta" 
[EMAIL PROTECTED]To: 
[EMAIL PROTECTED]X-RBL-Warning: 
HELOBOGUS: Domain eciexchange.ECI has no MX or A records.X-Note: This E-mail 
was scanned by Centric Internet Services for spam.X-Spam-Tests-Failed: 
HELOBOGUS, CATCHALLMAILSX-RCPT-TO: [EMAIL PROTECTED]Status: 
UX-UIDL: 349899319

Here's my default 
config (I just changed action on HELOBOGUS from delete to warn a few 
minutes ago):

DSBLDELETEORDBDELETESPAMCOPDELETEDSNDELETENOABUSEWARNNOPOSTMASTERWARNBADHEADERSSUBJECTHELOBOGUSWARNMAILFROM 
WARNPERCENTDELETEREVDNSWARNSPAMHEADERSSUBJECTAHBLDELETEDSBLMULTIDELETENJABLDELETERSLDELETESBLDELETESORB-SMTPDELETE

#SNIFFERBOUNCE

WEIGHT10DELETE#WEIGHT15DELETE#WEIGHT20DELETE

## The following tests are commented out by default because they 
are not commonly# used (or require a subscription).#

#BADWHOISWARN#BLARSWARN#CATCHALLMAILSWARN#COMPUWARN#DEVNULLWARN#DORKSWARN#DORKZTLWARN#DSBLALLWARN#DUL 
WARN#FIVETENDULWARN#FIVETENOPTINWARN#FIVETENOTHERWARN#FIVETENSRCWARN#FLOWGO 
WARN#GUARDBLOCKWARN#GUARDBULKWARN#GUARDDULWARN#GUARDMULTIWARN#GUARDSINGLEWARN#GUARDSRCWARN#HEURWARN#INTERSILWARN#IPWHOISWARN#NJABLWARN#NJABLDULWARN#POSTFIXGATEWARNRBLWARN#RSSWARN#SELWERDWARNSPAMBAGWARN#SPAMTRWARN#SUMMITWARN#V6NETWARN#VISIWARN#WIREHUB-DNSBLWARN#WIREHUB-DYNAWARN#ZTAWARN

#RBLWARN#DULWARN#RBL+DULWARN#RSSWARN#RBL+RSSWARN#DUL+RSSWARN#MAPSALLWARN


Re: [Declude.JunkMail] Perplexed -- false positives on HELOBOGUS AND CATCHALLMAILS

2004-02-10 Thread R. Scott Perry

As of today I've got something odd going on with our Declude 
Junkmail.  Any assistance would be great appreciated!

A great many emails are failing HELOBOGUS and CATCHALLMAILS (which is 
commented out in my default junkmail file).
All E-mails fail CATCHALLMAILS.  So that isn't an issue.

Here is one example header:

Received: from eciexchange.ECI [63.160.64.141] by mail.centric.net with ESMTP
  (SMTPD32-8.05) id A3421E7500AE; Tue, 10 Feb 2004 10:22:10 -0700
This E-mail had a HELO/EHLO of exiexchange.ECI, which isn't a valid host 
name, so it appropriately failed the HELOBOGUS test.

DSBL  DELETE
ORDB  DELETE
SPAMCOP  DELETE
DSN  DELETE
NOABUSE  WARN
NOPOSTMASTER WARN
BADHEADERS SUBJECT
HELOBOGUS WARN
MAILFROMWARN
PERCENT  DELETE
REVDNS  WARN
SPAMHEADERS SUBJECT
AHBL  DELETE
DSBLMULTI DELETE
NJABL  DELETE
RSL  DELETE
SBL  DELETE
SORB-SMTP DELETE
These are very strict settings.  Note that we normally recommend using the 
weighting system -- otherwise, you will likely see a fair amount of 
legitimate mail get blocked.

   -Scott
---
Declude JunkMail: The advanced anti-spam solution for IMail mailservers 
since 2000.
Declude Virus: Catches known viruses and is the leader in mailserver 
vulnerability detection.
Find out what you've been missing: Ask for a free 30-day evaluation.

---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.JunkMail.  The archives can be found
at http://www.mail-archive.com.


[Declude.JunkMail] $default$ Redirect warning when it shouldn't

2004-02-10 Thread James Nelson
Our server is set up so that by default, spam filter is not enabled.  
This is done by where the $default$.junkmail file set to IGNORE all 
tests, and is followed by a REDIRECT email %path%\enabled.junkmail.  
This enabled.junkmail is a basic config that WARNs if tests fail.  And 
if it fails our weight test, it gets forwarded to a spam mail folder.

However, we are running into several cases where an email account is 
getting the header warnings for tests that it fails, and getting 
forwarded when it is not set up in a REDIRECT statement.  I've also 
tried commenting out all the tests, but these accouts are still being 
picked up.  I've looked through the history of our $default$.junkmail 
file (we keep several older copies of it, since it changes every time we 
get new signups), and I am not finding instances of this email address 
in it.

Any suggestions on how to troubleshoot why this is warning when it 
shouldn't?  Or suggestions on how to fix it?

Declude is version 1.75 Pro
IMail is version 8.03 Pro
Thanks,
::James Nelson
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.JunkMail.  The archives can be found
at http://www.mail-archive.com.


Re[2]: [Declude.JunkMail] OT: IMAIL - AD

2004-02-10 Thread Sanford Whiteman
 However,  had  the  proper  cable been available, we would have been
 greatly overly complicating matters.

Indeed,  your  proper  cable  already  exists  in  the  form  of the
everything  but  recipient  list  in  ORF, as I mentioned in my last
message. I think you should use it.

 I  guess  what  I'm  saying  is  if  you  can  do it without LDAP or
 ActiveDirectory,  why  not  do  it  without LDAP or ActiveDirectory.

There's  a  difference between doing it and doing it right, of course.
For your environment and traffic, ORF alone might well do it right, so
go for it. My issue is with encouraging the _development_ of subpar or
non-scaleable  solutions.  If the application _already exists_, on the
other  hand,  it should be used and tweaked in as many ways as you can
(witness our continued use of IMail!). :)

 I  just  think  that  supporting  a  distributed LDAP environment is
 unnecessary  if  done  solely  for  the  purpose  of storing several
 hundred to several tens of thousands of E-mail addresses.

Several  hundred  in  an unindexed in-memory array would probably work
jsut  fine.  Tens of thousands is a very, very different story. Again,
you  seem  to  be  missing  the point in thinking these two situations
don't  present  different  requirements.  Solely  for  the purpose of
scaleability is one of the purest and most commendable motivations in
application  design, since it encompasses both in the wild stability
and  performance  under  a  simple  umbrella.  Far  from a dirty word,
scaleability  is  what  makes so many open-source projects work in the
enterprise,   despite  their  many  other  foibles.  If  you  start  a
development  project  with  an express disregard for it, count out the
most capable programmers.

--Sandy



Sanford Whiteman, Chief Technologist
Broadleaf Systems, a division of
Cypress Integrated Systems, Inc.
e-mail: [EMAIL PROTECTED]

SpamAssassin plugs into Declude!
http://www.mailmage.com/download/software/freeutils/SPAMC32/Release/

---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.JunkMail.  The archives can be found
at http://www.mail-archive.com.


RE: [Declude.JunkMail] Perplexed -- false positives on HELOBOGUS AND CATCHALLMAILS

2004-02-10 Thread R. Scott Perry

Okay, but why is CATCHALLMAILS even coming into play?  I had it
commented out (always have).  It has never shown up as a warning in the
headers before.  Just started showing up.
If you don't want the CATCHALLMAILS test to run at all, you would need to 
comment it out of the global.cfg file -- the $default$.JunkMail file just 
determines which actions to take.

   -Scott
---
Declude JunkMail: The advanced anti-spam solution for IMail mailservers 
since 2000.
Declude Virus: Catches known viruses and is the leader in mailserver 
vulnerability detection.
Find out what you've been missing: Ask for a free 30-day evaluation.

---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.JunkMail.  The archives can be found
at http://www.mail-archive.com.


Re: [Declude.JunkMail] $default$ Redirect warning when it shouldn't

2004-02-10 Thread R. Scott Perry

However, we are running into several cases where an email account is 
getting the header warnings for tests that it fails, and getting forwarded 
when it is not set up in a REDIRECT statement.  I've also tried commenting 
out all the tests, but these accouts are still being picked up.
The first question:  Are the E-mails in question addressed to multiple 
users, one or more of whom have spam filtering enabled (in which case the 
actions are being taken due to those other recipients)?

If that isn't the case, you may want to temporarily use LOGLEVEL HIGH (in 
the global.cfg file), which will record which config file Declude JunkMail 
is using, which can help track down the problem.

   -Scott
---
Declude JunkMail: The advanced anti-spam solution for IMail mailservers 
since 2000.
Declude Virus: Catches known viruses and is the leader in mailserver 
vulnerability detection.
Find out what you've been missing: Ask for a free 30-day evaluation.

---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.JunkMail.  The archives can be found
at http://www.mail-archive.com.


Re: [Declude.JunkMail] OT: IMAIL - AD

2004-02-10 Thread Matt




Sanford Whiteman wrote:

  Jsut  fine.  Tens of thousands is a very, very different story. Again,
you  seem  to  be  missing  the point in thinking these two situations
don't  present  different  requirements.  "Solely  for  the purpose of
scaleability" is one of the purest and most commendable motivations in
application  design, since it encompasses both "in the wild" stability
and  performance  under  a  simple  umbrella.  Far  from a dirty word,
scaleability  is  what  makes so many open-source projects work in the
enterprise,   despite  their  many  other  foibles.  If  you  start  a
development  project  with  an express disregard for it, count out the
most capable programmers.
  


My friend is one of the most capable programmers that you will find,
he's done a great deal of work in the last 5 years within Microsoft's
framework, and I don't expect for this to be a challenge for him. I'm
still waiting to see if he wants to take this on.

In terms of scale, I would expect to see a server handle not much more
than 500,000 messages in a full Declude/IMail environment, and with an
average of more than 10 pieces of spam per address per day, a solution
of this sort would need to effectively resolve against 50,000 or so
E-mail addresses. While I'm not at all sure how to properly index this
information for rapid use, I do know that you could split the data into
user and domain, and first query the domain, and then the user, and
that would likely mean for the most part that you would need to do one
query (full string match) on about 1,000 domains, and then another
query on an average of maybe 50 user addresses. Pete over at Sniffer
has figured out how to search the entire source of a message with tens
of thousands of rules complete with wildcards, and he does that quite
efficiently considering that the application loads the entire rule base
every time it is hit with a message. I think a capable programmer
would not at all be bothered by the demands. There's absolutely no
reason why this couldn't be done.

If you have a recommendation for how to best handle the task where data
is initially sourced from a text file, please share it and I will pass
that on.

Thanks,

Matt
-- 
=
MailPure custom filters for Declude JunkMail Pro.
http://www.mailpure.com/software/
=




[Declude.JunkMail] Spam Review and ISO recognition

2004-02-10 Thread Mike Gable



Hi. I use Spam 
Review to review held messages and usually it dispays the ISO encoded subjects 
as it's ISO self and not as the interpreted text.

This is the DECLUDE 
log entry for an email that triggered on these content 
filters:

SUBJECT 2 CONTAINS 
-
SUBJECT 2 CONTAINS 
=
SUBJECT 2 CONTAINS 
?
SUBJECT 10 CONTAINS 
=?ISO-8859-


02/10/2004 16:53:57 Q7d071b8e004cf847 
Triggered CONTAINS filter on - [weight-2; 
-8859-1?B?QW5ub3VuY2luZyBUZWNo].02/10/2004 16:53:57 Q7d071b8e004cf847 
Triggered CONTAINS filter on = [weight-2; 
=?ISO-8859-1?B?QW5ub3VuY2luZyB].02/10/2004 16:53:57 Q7d071b8e004cf847 
Triggered CONTAINS filter on ? [weight-2; 
?ISO-8859-1?B?QW5ub3VuY2luZyBU].02/10/2004 16:53:57 Q7d071b8e004cf847 
Triggered CONTAINS filter on =?ISO-8859- [weight-10; 
=?ISO-8859-1?B?QW5ub3VuY2luZyB].02/10/2004 16:53:57 Q7d071b8e004cf847 
Triggered CONTAINS filter on .m0.net [weight--10; .m0.net].02/10/2004 
16:53:57 Q7d071b8e004cf847 ALLIGATESPAM1:10 CONTENT:6 INTERSIL:7 SPAMCOP:7 
. Total weight = 3002/10/2004 16:53:57 Q7d071b8e004cf847 Using 
[incoming] CFG file D:\IMail\Declude\$default$.junkmail.02/10/2004 16:53:57 
Q7d071b8e004cf847 Msg failed ALLIGATESPAM1 (Message failed ALLIGATESPAM1: 38.). 
Action="">02/10/2004 16:53:57 Q7d071b8e004cf847 Msg failed CONTENT 
(Message failed CONTENT test (1174)). Action="">02/10/2004 16:53:57 
Q7d071b8e004cf847 Msg failed INTERSIL (116.164.11.209.blackholes.intersil.net.). 
Action="">02/10/2004 16:53:57 Q7d071b8e004cf847 Msg failed SPAMCOP 
(Blocked - see http://www.spamcop.net/bl.shtml?209.11.164.116). Action="">02/10/2004 16:53:57 Q7d071b8e004cf847 Msg failed 
WEIGHT10 (Weight of 30 reaches or exceeds the limit of 10.). 
Action="">02/10/2004 16:53:57 Q7d071b8e004cf847 Msg failed WEIGHT25 
(Weight of 30 reaches or exceeds the limit of 25.). Action="">02/10/2004 
16:53:57 Q7d071b8e004cf847 Subject: 
=?ISO-8859-1?B?QW5ub3VuY2luZyBUZWNot0VkIDIwMDQgLSBSZWdpc3RlciB0b2RheSE=?=02/10/2004 
16:53:57 Q7d071b8e004cf847 From: [EMAIL PROTECTED] 
To:snip IP: 209.11.164.116 ID: 
02/10/2004 16:53:57 Q7d071b8e004cf847 Last action = "">



However, the subject 
in the header infois showing plain text according to Spam Review, which 
recognizes other emails sent in the ISO format, but not this one for some 
reason.

Below is the header 
of the message copied from Spam Review (And, yes, the SMD file name is the same 
as the one above):


Reply-to: [EMAIL PROTECTED]To: 
snipSubject: Announcing 
Tech·Ed 2004 - Register today!Errors-to: [EMAIL PROTECTED]Mime-Version: 
1.0Content-Type: multipart/alternative; 
boundary="---=_NEXT_faa20bab1d"X-cid: 11679481062X-pid: 
301950X-Alligate-In: FAILED - Score Adult: 0 (Req: 18) Spam: 38 (Req: 18) 
Tot: 38 (Req: 25)X-Alligate-Tracking: 
F78E7AFE030A779BX-Alligate-Signature: 1936898440X-Alligate-SpoolFile: 
D7d071b8e004cf847.SMDX-Alligate-Sender: [EMAIL PROTECTED] 
[209.11.164.116]X-RBL-Warning: ALLIGATESPAM1: Message failed ALLIGATESPAM1: 
38.X-RBL-Warning: CONTENT: Message failed CONTENT test 
(1174)X-RBL-Warning: INTERSIL: 
116.164.11.209.blackholes.intersil.net.X-RBL-Warning: SPAMCOP: Blocked - see 
http://www.spamcop.net/bl.shtml?209.11.164.116X-RBL-Warning: 
WEIGHT10: Weight of 30 reaches or exceeds the limit of 10.X-Declude-Sender: 
[EMAIL PROTECTED] 
[209.11.164.116]X-Declude-Spoolname: 
D7d071b8e004cf847.SMDX-Spam-Tests-Failed: ALLIGATESPAM1, CONTENT, INTERSIL, 
SPAMCOP, IPNOTINMX, NOLEGITCONTENT, WEIGHT10, WEIGHT25 [30]


Any ideas would be 
gretly appreciated.

Thank 
you.
-Mike




Re[2]: [Declude.JunkMail] OT: IMAIL - AD

2004-02-10 Thread Sanford Whiteman
 My friend is one of the most capable programmers that you will find,
 he's  done  a  great  deal  of  work  in  the  last  5  years within
 Microsoft's framework, and I don't expect for this to be a challenge
 for him.

This  is  not  at  all a comment on his skills--many of us program for
Win32 as well--but you're talking about an OS platform whose companion
mail  platform  (Exchange) had no way (zero) to reject at the envelope
until last year.

 In  terms  of  scale, I would expect to see a server handle not much
 more  than 500,000 messages in a full Declude/IMail environment, and
 with  an average of more than 10 pieces of spam per address per day,
 a  solution  of  this sort would need to effectively resolve against
 50,000  or  so  E-mail  addresses.

#  of  messages has no intrinsic relationship to # of users. These are
different  requirements, though they are related insofar as the former
predicts  the  number  of simultaneous lookups against the data source
that  must  be  completed  without  quenching  socket,  memory, or CPU
resources.

In  any  case,  you're  defining this requirement: Must support up to
50,000  addresses.  That's  fine  for  you.  MXs  we  support service
millions  of  accounts  in  constant  flux  due  to  adds and changes.
Something  built  to your requirements would not be sufficient for us.
As  I  mentioned,  however, _even you_ have no need to build anything:
ORF already does what you need.

 While I'm not at all sure how to properly index this information for
 rapid  use,  I  do  know that you could split the data into user and
 domain,  and  first  query  the  domain, and then the user, and that
 would  likely  mean  for the most part that you would need to do one
 query  (full  string match) on about 1,000 domains, and then another
 query on an average of maybe 50 user addresses.

You're goldmanning--I guess that's the opposite of strawman :)--one of
a  zillion  use  cases to match your design, so that's not an accurate
general  depiction  of  MXs  that accept mail for 50,000 accounts. Our
largest  installations by user count have very small numbers by domain
count.

 Pete over at Sniffer has figured out how to search the entire source
 of  a  message  with  tens  of  thousands  of  rules  complete  with
 wildcards,  and  he does that quite efficiently considering that the
 application  loads  the entire rule base every time it is hit with a
 message.

A   very   different   task.   I   won't  bother  you  with  any  more
differentiators.  Suffice  it to say that tens of thousands of objects
is  not a realistic target for a scaleable mail application. It may be
a  realistic  target for a particular deployment. I am not questioning
that it may work for you, but (see below) there's nothing to build!

 I  think  a  capable  programmer would not at all be bothered by the
 demands. There's absolutely no reason why this couldn't be done.

My  ultimate  point  is  that  _there  is no reason for anything to be
written_.  If  you  want  50,000 users and text file input is what you
want,  use  ORF. Geez, it's 99 bucks. Vamsoft has done a very fine job
with their product.

--Sandy



Sanford Whiteman, Chief Technologist
Broadleaf Systems, a division of
Cypress Integrated Systems, Inc.
e-mail: [EMAIL PROTECTED]

SpamAssassin plugs into Declude!
http://www.mailmage.com/download/software/freeutils/SPAMC32/Release/

---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.JunkMail.  The archives can be found
at http://www.mail-archive.com.


Re: [Declude.JunkMail] OT: IMAIL - AD

2004-02-10 Thread Matt




Sandy,

I would prefer to pay $99 for a product that did what I wanted it to.
My issue is that I don't want to rely on AD or LDAP, though I would
consider a DNS implementation (with translation of addresses to valid
values, like [EMAIL PROTECTED] becomes
matt.mail.example.com.my-filter-domain.com).

If VAMsoft builds this, please let me know. If I find that there is no
interest on the part of my friend in programming this, I may very well
think about going the LDAP route for lack of the "proper cable."

:)

Matt



Sanford Whiteman wrote:

  
My friend is one of the most capable programmers that you will find,
he's  done  a  great  deal  of  work  in  the  last  5  years within
Microsoft's framework, and I don't expect for this to be a challenge
for him.

  
  
This  is  not  at  all a comment on his skills--many of us program for
Win32 as well--but you're talking about an OS platform whose companion
mail  platform  (Exchange) had no way (zero) to reject at the envelope
until last year.

  
  
In  terms  of  scale, I would expect to see a server handle not much
more  than 500,000 messages in a full Declude/IMail environment, and
with  an average of more than 10 pieces of spam per address per day,
a  solution  of  this sort would need to effectively resolve against
50,000  or  so  E-mail  addresses.

  
  
#  of  messages has no intrinsic relationship to # of users. These are
different  requirements, though they are related insofar as the former
predicts  the  number  of simultaneous lookups against the data source
that  must  be  completed  without  quenching  socket,  memory, or CPU
resources.

In  any  case,  you're  defining this requirement: "Must support up to
50,000  addresses."  That's  fine  for  you.  MXs  we  support service
millions  of  accounts  in  constant  flux  due  to  adds and changes.
Something  built  to your requirements would not be sufficient for us.
As  I  mentioned,  however, _even you_ have no need to build anything:
ORF already does what you need.

  
  
While I'm not at all sure how to properly index this information for
rapid  use,  I  do  know that you could split the data into user and
domain,  and  first  query  the  domain, and then the user, and that
would  likely  mean  for the most part that you would need to do one
query  (full  string match) on about 1,000 domains, and then another
query on an average of maybe 50 user addresses.

  
  
You're goldmanning--I guess that's the opposite of strawman :)--one of
a  zillion  use  cases to match your design, so that's not an accurate
general  depiction  of  MXs  that accept mail for 50,000 accounts. Our
largest  installations by user count have very small numbers by domain
count.

  
  
Pete over at Sniffer has figured out how to search the entire source
of  a  message  with  tens  of  thousands  of  rules  complete  with
wildcards,  and  he does that quite efficiently considering that the
application  loads  the entire rule base every time it is hit with a
message.

  
  
A   very   different   task.   I   won't  bother  you  with  any  more
differentiators.  Suffice  it to say that tens of thousands of objects
is  not a realistic target for a scaleable mail application. It may be
a  realistic  target for a particular deployment. I am not questioning
that it may work for you, but (see below) there's nothing to build!

  
  
I  think  a  capable  programmer would not at all be bothered by the
demands. There's absolutely no reason why this couldn't be done.

  
  
My  ultimate  point  is  that  _there  is no reason for anything to be
written_.  If  you  want  50,000 users and text file input is what you
want,  use  ORF. Geez, it's 99 bucks. Vamsoft has done a very fine job
with their product.

--Sandy



Sanford Whiteman, Chief Technologist
Broadleaf Systems, a division of
Cypress Integrated Systems, Inc.
e-mail: [EMAIL PROTECTED]

SpamAssassin plugs into Declude!
http://www.mailmage.com/download/software/freeutils/SPAMC32/Release/

---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail".  The archives can be found
at http://www.mail-archive.com.


  


-- 
=
MailPure custom filters for Declude JunkMail Pro.
http://www.mailpure.com/software/
=




Re[2]: [Declude.JunkMail] OT: IMAIL - AD

2004-02-10 Thread Sanford Whiteman
 If  VAMsoft builds this, please let me know. If I find that there is
 no interest on the part of my friend in programming this, I may very
 well  think  about  going  the  LDAP  route  for lack of the proper
 cable.

Did  you  fail  to read (twice) the part of my posts about the accept
only for these users option in ORF, which is loaded from a text file?

This has nothing to do with LDAP.

--Sandy




Sanford Whiteman, Chief Technologist
Broadleaf Systems, a division of
Cypress Integrated Systems, Inc.
e-mail: [EMAIL PROTECTED]

SpamAssassin plugs into Declude!
http://www.mailmage.com/download/software/freeutils/SPAMC32/Release/

---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.JunkMail.  The archives can be found
at http://www.mail-archive.com.


Re: [Declude.JunkMail] OT: IMAIL - AD

2004-02-10 Thread Matt
Sanford Whiteman wrote:

Did  you  fail  to read (twice) the part of my posts about the accept
only for these users option in ORF, which is loaded from a text file?
This has nothing to do with LDAP.
 

To be honest, yes, I don't think I saw that in your messages.  Take it 
from a fellow rambler...you could condense things from time to 
time...and maybe spend less time describing how I'm wrong or how 
impossible a task might be :)

I saw a reference to an everybody but blacklists, but their help file 
makes no such reference.  I suppose that you inquired about this 
functionality?  My read of their help file shows that it might be 
possible to blacklist everything, and then whitelist the addresses that 
you want to accept...if they process the whitelist first.  Or maybe this 
is undocumented or at least difficult to find in their documentation.

Nevertheless, thanks for the pointer.

Matt

--
=
MailPure custom filters for Declude JunkMail Pro.
http://www.mailpure.com/software/
=
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.JunkMail.  The archives can be found
at http://www.mail-archive.com.


Re[2]: [Declude.JunkMail] OT: IMAIL - AD

2004-02-10 Thread Sanford Whiteman
 To  be  honest, yes, I don't think I saw that in your messages. Take
 it  from  a  fellow rambler...you could condense things from time to
 time...and  maybe  spend  less  time describing how I'm wrong or how
 impossible a task might be :)

Maybe...

 I  saw  a reference to an everybody but blacklists, but their help
 file makes no such reference. I suppose that you inquired about this
 functionality?  My  read  of  their help file shows that it might be
 possible  to  blacklist everything, and then whitelist the addresses
 that you want to accept...if they process the whitelist first.

It's  simple  and built-in functionality, not a tweak or anything like
that  all.  You  simply  enable  the recipient blacklist button in the
everybody  but these people mode (one of two modes). There's no need
to  worry  about processing order. All addresses are in plain-text and
will reload when the ORF service restarts. It's exactly what your spec
suggests.

--Sandy




Sanford Whiteman, Chief Technologist
Broadleaf Systems, a division of
Cypress Integrated Systems, Inc.
e-mail: [EMAIL PROTECTED]

SpamAssassin plugs into Declude!
http://www.mailmage.com/download/software/freeutils/SPAMC32/Release/

---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.JunkMail.  The archives can be found
at http://www.mail-archive.com.


Re: [Declude.JunkMail] OT: IMAIL - AD

2004-02-10 Thread Matt
Sanford Whiteman wrote:

It's  simple  and built-in functionality, not a tweak or anything like
that  all.  You  simply  enable  the recipient blacklist button in the
everybody  but these people mode (one of two modes). There's no need
to  worry  about processing order. All addresses are in plain-text and
will reload when the ORF service restarts. It's exactly what your spec
suggests.
 

I don't have a functioning install, just something on an incapable 
machine which exposes their help files, so I didn't get to see their 
config screens.  This definitely looks like it will work just fine, even 
if it doesn't scale to 50,000 addresses :)

I figure that I'll probably take a look at the IMail to IMGate export 
script that I've seen mentioned before, or maybe a utility on the 
Ipswitch site for generating the locally hosted portion of this file, 
and I'll probably write a database app for managing the gatewayed 
domains, combining the two into a suitable format for ORF.  What I hope 
to do is establish this audit trail for my customers where they have 
almost real-time access to add or remove addresses from the service.  If 
they don't want to maintain a list, then I'll just charge them a bit 
more since that means more utilization.  Best of both worlds I figure.  
This is also the type of thing that I can handle without much help.

Thanks,

Matt

--
=
MailPure custom filters for Declude JunkMail Pro.
http://www.mailpure.com/software/
=
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.JunkMail.  The archives can be found
at http://www.mail-archive.com.


Re: [Declude.JunkMail] OT: IMAIL - AD

2004-02-10 Thread Pete McNeil


In terms of scale, I would expect
to see a server handle not much more than 500,000 messages in a full
Declude/IMail environment, and with an average of more than 10 pieces of
spam per address per day, a solution of this sort would need to
effectively resolve against 50,000 or so E-mail addresses. While
I'm not at all sure how to properly index this information for rapid use,
I do know that you could split the data into user and domain, and first
query the domain, and then the user, and that would likely mean for the
most part that you would need to do one query (full string match) on
about 1,000 domains, and then another query on an average of maybe 50
user addresses. Pete over at Sniffer has figured out how to search
the entire source of a message with tens of thousands of rules complete
with wildcards, and he does that quite efficiently considering that the
application loads the entire rule base every time it is hit with a
message. I think a capable programmer would not at all be bothered
by the demands. There's absolutely no reason why this couldn't be
done.
If you have a recommendation for how to best handle the task where data
is initially sourced from a text file, please share it and I will pass
that on.
Speaking of Sniffer - One thing you might consider is creating a special
rulebase (we do contracts like that) that would contain 50K rules to
match, well, practically any text you wish. We regularly match 50K
heuristics these days in sub 100ms. Perhaps there is a special solution
to be worked out here. We have tools to make this kind of thing
feasible... Depending upon the rate of change, this might not require any
unique software. We have a prototype java based utility for scripting
updates to any rulebase in our system. Contact me off list if you'd like
to pursue this direction.
_M
RESCU - REmote SCripted Updater, accepts an XML file representing
changes/commands for the rulebase and produces a matching XML file
result. Not quite ready for release into the wild, but close.



Re[2]: [Declude.JunkMail] OT: IMAIL - AD

2004-02-10 Thread Sanford Whiteman
Pete,

Everything  that  Sniffer  does  is  after  submission,  so  it really
wouldn't apply.

--Sandy



Sanford Whiteman, Chief Technologist
Broadleaf Systems, a division of
Cypress Integrated Systems, Inc.
e-mail: [EMAIL PROTECTED]

SpamAssassin plugs into Declude!
http://www.mailmage.com/download/software/freeutils/SPAMC32/Release/

---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.JunkMail.  The archives can be found
at http://www.mail-archive.com.


Re[2]: [Declude.JunkMail] OT: IMAIL - AD

2004-02-10 Thread Pete McNeil
Sorry about that - I seem to have stepped into a bit of a tiff. I was 
skimming and saw a Sniffer reference and jumped in - I shouldn't do that (I 
should get more sleep). At any rate, the pattern matching engine can run at 
any point... Sniffer as it is packaged now runs after submission, but the 
engine can easily be used up-front during the SMTP conversation before or 
after DATA. That's just not how it's currently packaged.

The pattern matching engine came from my robotics research and was later 
adapted to fast interpreted scripting engines in he early 80s (When cpus 
and memory were slow and bulky). The concept for robotics was that a 
complex hierarchical reflex mechanism capable of real-time responses would 
be continually tuned by slower analysis engines. What is now inside Message 
Sniffer was once designed to interpret a wide array of sensor data and 
produce complex, directed real-time responses under the guidance 
(symbiotically anyway) of a goal seeking machine learning system. It was a 
kind of autonomic nervous system with a bit of brain-stem attached.

If anybody cares to take the technology to the SMTP end of an email 
application (or even level 3 routing / filtering / switching) it can be 
done extremely well... We have to start somewhere though... So we filter 
spam - go figure.

Anyway, as has been pointed out, for this application there are tools 
available that need no repackaging or development. (even if it might be fun)

Best,
_M
At 11:46 PM 2/10/2004, you wrote:
Pete,

Everything  that  Sniffer  does  is  after  submission,  so  it really
wouldn't apply.
It could be adapted to any application where a rapid recognition and 
response to data patterns is required. For example, picking an email 
address out of an SMTP envelope, or for that matter implementing the entire 
protocol (though that might be a silly thing to do). It does spam filtering 
after submission right now just because it's packaged that way. (I'm not 
bad, I'm just drawn that way... Jessica Rabit)


--Sandy


Sanford Whiteman, Chief Technologist
Broadleaf Systems, a division of
Cypress Integrated Systems, Inc.
e-mail: [EMAIL PROTECTED]
SpamAssassin plugs into Declude!
http://www.mailmage.com/download/software/freeutils/SPAMC32/Release/
---
[This E-mail was scanned for viruses by Declude Virus 
(http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.JunkMail.  The archives can be found
at http://www.mail-archive.com.
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.JunkMail.  The archives can be found
at http://www.mail-archive.com.


Re: [Declude.JunkMail] OT: IMAIL - AD

2004-02-10 Thread Matt
Pete,

I try not to get too passionate about things around here, so I welcome 
your contribution.  You are correct though, after a couple of days of 
discussion, the solution to this need does appear to exist.

I have a great appreciation for your skill, and your willingness to 
share both insight and code (open source).  If I was a programmer, I 
would probably be spending my time playing with your code as opposed to 
playing with filters in Declude.

While none of this is a technical requirement of mine at the moment, 
there's lots of opportunity I think for someone to make use of the 
things that have appeared in this thread.  In going back to the don't 
have the right cable analogy, it would be great to have a backup MX 
that didn't require IMail (or another full mail server), and I think 
that could be done within MS SMTP without needing to re-create the 
wheel, and maybe more efficiently.  On my wishlist would be the following:

1) Envelope rejection (and all that comes with it).
2) SMTP AUTH (so it can co-exist on the same server as IMail, and handle 
hosted accounts with redundancy).
3) An external application handler that would allow for things like 
Declude JunkMail, Virus, and Message Sniffer.
4) A message splitter, so actions can be based on individual addresses 
instead of individual messages.

If you guys could work this out, Declude in combination with Message 
Sniffer could truly go multi-platform (as far as Windows mail servers 
go).  Who knows, maybe MS SMTP has some serious issues that would make 
you want to avoid it.

BTW, I'm looking forward to the 3.0 features.  Bayesian filtering with 
Sniffer's rule base I believe will significantly strengthen your system, 
though I would like to see your customer submitted data grow so that the 
rule strengths can become more accurate.  Hopefully this will allow one 
to tune their system to their own definition of what spam is, right now 
it's tough in general for us guys that want to accept virtually all 
E-mail from sources that maintain direct relationships.

I've taken to creating my own database for managing this information in 
10 different categories, which then outputs credit files for Declude 
to use.  I'm now thinking that your solution may be more efficient, and 
sometimes more accurate because of greater filtering capability, though 
it can't handle things like reverse DNS entries and the SMTP envelope 
sender...I'll have to give it some thought.  Right now these lists are 
short, and Declude easily handles them in custom filter form.

Matt



Pete McNeil wrote:

Sorry about that - I seem to have stepped into a bit of a tiff. I was 
skimming and saw a Sniffer reference and jumped in - I shouldn't do 
that (I should get more sleep). At any rate, the pattern matching 
engine can run at any point... Sniffer as it is packaged now runs 
after submission, but the engine can easily be used up-front during 
the SMTP conversation before or after DATA. That's just not how it's 
currently packaged.

The pattern matching engine came from my robotics research and was 
later adapted to fast interpreted scripting engines in he early 80s 
(When cpus and memory were slow and bulky). The concept for robotics 
was that a complex hierarchical reflex mechanism capable of real-time 
responses would be continually tuned by slower analysis engines. What 
is now inside Message Sniffer was once designed to interpret a wide 
array of sensor data and produce complex, directed real-time responses 
under the guidance (symbiotically anyway) of a goal seeking machine 
learning system. It was a kind of autonomic nervous system with a bit 
of brain-stem attached.

If anybody cares to take the technology to the SMTP end of an email 
application (or even level 3 routing / filtering / switching) it can 
be done extremely well... We have to start somewhere though... So we 
filter spam - go figure.

Anyway, as has been pointed out, for this application there are tools 
available that need no repackaging or development. (even if it might 
be fun)

Best,
_M
At 11:46 PM 2/10/2004, you wrote:

Pete,

Everything  that  Sniffer  does  is  after  submission,  so  it really
wouldn't apply.


It could be adapted to any application where a rapid recognition and 
response to data patterns is required. For example, picking an email 
address out of an SMTP envelope, or for that matter implementing the 
entire protocol (though that might be a silly thing to do). It does 
spam filtering after submission right now just because it's packaged 
that way. (I'm not bad, I'm just drawn that way... Jessica Rabit)


--Sandy


Sanford Whiteman, Chief Technologist
Broadleaf Systems, a division of
Cypress Integrated Systems, Inc.
e-mail: [EMAIL PROTECTED]
SpamAssassin plugs into Declude!
http://www.mailmage.com/download/software/freeutils/SPAMC32/Release/
---
[This E-mail was scanned for viruses by Declude Virus 
(http://www.declude.com)]

---
This E-mail came 

Re[2]: [Declude.JunkMail] OT: IMAIL - AD

2004-02-10 Thread Sanford Whiteman
 1) Envelope rejection (and all that comes with it).

Already extant, as previously discussed.

 2) SMTP AUTH (so it can co-exist on the same server as IMail, and handle 
 hosted accounts with redundancy).

This is going to be very difficult relative to the other ideas, if you
continue  to  resist AD. With AD as the back end, you can authenticate
to  SMTP using any valid credentials in any permissioned context. It's
already  done  like  this  by  people  who  run  Exchange  and want to
instantly offload SMTP AUTH sessions from their mailbox servers.

I do not think that adding an additional out-of-context authentication
method is going to be worth attempting.

 3) An external application handler that would allow for things like 
 Declude JunkMail, Virus, and Message Sniffer.

Well...we're basically already doing this with a transport event sink.
I  didn't want to mention it yet, but I've been using our own external
tests under MS SMTP for the past month on one server, for example.

 4) A message splitter, so actions can be based on individual addresses 
 instead of individual messages.

Easy  enough  to  code  within  an event sink, though I've never had a
desire for this because the overhead could be crippling and it's quite
counter to SMTP as a protocol.

Giving  Declude  the ability to (a) natively interpret a single RFC822
file  with  MS headers, as passed by MS SMTP (right now, you'd have to
write  out  a  dummy Q file, which is easy but an admitted extra step)
would  be  nice  to have. And being able to disable all daisy-chaining
with  a  GLOBAL.CFG  setting, since MS will automatically proceed with
message processing once control is returned to the service, would make
SMTP32 log errors go away. IMO+E, none of this requires anything crazy
to   be   done   by   SortMonster  or  Declude--except  for  licensing
clarifications! :)

--Sandy



Sanford Whiteman, Chief Technologist
Broadleaf Systems, a division of
Cypress Integrated Systems, Inc.
e-mail: [EMAIL PROTECTED]

SpamAssassin plugs into Declude!
http://www.mailmage.com/download/software/freeutils/SPAMC32/Release/

---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.JunkMail.  The archives can be found
at http://www.mail-archive.com.