Re: [Declude.JunkMail] why does this fail the spam domains test?

Thanks, Andrew- That follows the pattern I often use with whitelisting... It reinforces the power of tools we have at our disposal and the care with which we need to use them. ie: "sex" matches a lot of common place names like middlesex and essex. -d - Original Message - From: "Colbec

RE: [Declude.JunkMail] [Declude.Virus] Scott, what do you use to generate this report

This works for me: wamlog dec0416.log c:\imail\declude\global.cfg Modify the parameters to suite your environment, of course. Andrew 8) -Original Message- From: Dave Doherty [mailto:[EMAIL PROTECTED] Sent: Friday, April 16, 2004 8:54 PM To: [EMAIL PROTECTED] Subject: Re: [Declude.JunkM

Re: [Declude.JunkMail] why does this fail the spam domains test?

Thanks, Scott. - Original Message - From: "R. Scott Perry" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Friday, April 16, 2004 6:58 AM Subject: Re: [Declude.JunkMail] why does this fail the spam domains test? > > >yahoo.com > >would require that all possible REVDNS entries contai

Re: [Declude.JunkMail] [Declude.Virus] Scott, what do you use to generate this report

I tried that first on my laptop, then gave up and tried to run it on the server with the same results. The wamlog.txt file is empty. -d - Original Message - From: "Goran Jovanovic" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Friday, April 16, 2004 5:39 PM Subject: RE: [Declude.Junk

RE: [Declude.JunkMail] OT: Cosmic 419er lost in space

> http://www.theregister.co.uk/2004/04/16/cosmic_419er/ In the current edition of c't (german computer magazine) is an article about "scambaiters" http://www.craigscrap.co.uk/scam/scam.pdf (german) People answering to fraud emails and involving the swindlers in email dialogs for several weeks an

RE: [Declude.JunkMail] OT: Cosmic 419er lost in space

I say let him pay for the transgressions of his brethren in Lagos! ;) Todd Holt Xidix Technologies, Inc Las Vegas, NV USA 702.319.4349 www.xidix.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Colbeck, Andrew Sent: Friday, April 16, 2004 1:20 PM To:

RE: [Declude.JunkMail] SURBL filter script

> I looked through the messages on the list but I could not > find what is the suggested weight for this test. Any > suggestions? I can see that SURBL has the same efficiency as CBL, DSBL or XBL-DYNA. So maybe you can use the same weight as for this tests. At the moment I use a weight correspo

RE: [Declude.JunkMail] SBL-XBL Question

Not surprising that you missed this one, based on the subject line: http://www.mail-archive.com/[EMAIL PROTECTED]/msg17684.html Sorry if this has already been answered here. My inbound messages on this list have been highly out of sort order. Andrew 8) -Original Message- From: Scott Fi

RE: [Declude.JunkMail] SURBL filter script

Roger, I just downloaded the script and got it to update. Thank you. I looked through the messages on the list but I could not find what is the suggested weight for this test. Any suggestions? I am currently marking SPAM at 10 and seeing how that goes. I would like to start deleting at 20 or so.

RE: [Declude.JunkMail] [Declude.Virus] Scott, what do you use to generate this report

I simply copied a current DEC.log file into the directory I create for WAMLOG and ran Wamlog dec0416.log And it produced a file wamlog.txt in the same directory Goran Jovanovic The LAN Shoppe > -Original Message- > From: [EMAIL PROTECTED] [mailto:Declude.JunkMail- >

Re: [Declude.JunkMail] [Declude.Virus] Scott, what do you use to generate this report

Hi, Bill- I've been trying to use the latest download and I can't figure out what's wrong. I provide complete paths to the log file and global.cfg. The program lists the tests that are available, then issues a few 0's. After a while it gives me a blank report. LOGLEVEL is set to MID Any suggesti

[Declude.JunkMail] OT: Cosmic 419er lost in space

http://www.theregister.co.uk/2004/04/16/cosmic_419er/ A little levity for Friday. Andrew 8) --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED],

Re: [Declude.JunkMail] tricks for dealing with null senders?

You mean as a mailbox name instead of an alias? Good question. I don't know whether it would retain its wildcard capabilities or not., never tried it. -Dave - Original Message - From: "Robert" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Thursday, April 15, 2004 4:59 PM Subject: Re:

Re: [Declude.JunkMail] New test => EHLOFILTER

Markus Gufler wrote: No other MTA should connect to your MTA using your MTA's IP as HELO string. I don't know if there is any reason to connect with any other IP-address as HELO-string. My thinking exactly Several people has set up a filter file containing HELO 0 CONTAINS [your.servers.ip.ad

RE: [Declude.JunkMail] Ipfile.txt

One other thing.. If there are changes made to the ipfile.txt file, does the SMTP server need to be restarted for Declude to see and use these changes? No; any changes to Declude config files are reflected immediately upon saving the file. -Scot

RE: [Declude.JunkMail] Ipfile.txt

One other thing.. If there are changes made to the ipfile.txt file, does the SMTP server need to be restarted for Declude to see and use these changes? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of R. Scott Perry Sent: Thursday, April 15, 2004 1:22 PM T

RE: [Declude.JunkMail] Spamdomains.txt file

Anyone? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jeff Maze - Hostmaster Sent: Friday, April 16, 2004 8:26 AM To: [EMAIL PROTECTED] Subject: [Declude.JunkMail] Spamdomains.txt file Hello, I think I'm going to implement the spam domains test

[Declude.JunkMail] SBL-XBL Question

I see that the Spamhaus XBL returns values 127.0.0.4-6. I'm currently using 127.0.0.4. Can anyone tell me what return values 127.0.0.5 and 127.0.0.6 refer to? Scott Fisher Director of IT Farm Progress Companies --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

Re[2]: [Declude.JunkMail] WHITELISTFILE problems

X-Declude-Sender is turned off. We use our own header: MAILFROM: %MAILFROM% And this is what we try to use... That is indeed the one to use. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude

Re[2]: [Declude.JunkMail] WHITELISTFILE problems

Reply to: R. Scott Perry Re: [Declude.JunkMail] WHITELISTFILE problems on Friday 10:47:48 AM X-Declude-Sender is turned off. We use our own header: MAILFROM: %MAILFROM% And this is what we try to use... H... Maybe we should look closer like you say? -- Roger Heath [EMAIL PROTECTED] ww

Re: [Declude.JunkMail] WHITELISTFILE problems

We also see this working intermittently here, so we are a bit confused. We are wondering if we have the general format wrong? [EMAIL PROTECTED] @news.intelligententerprise.com .intelligententerprise.com pottersschool.org and line in $default$.junkmail is: WHITELISTFILE C:\IMail\Declude\filters\em

Re: [Declude.JunkMail] WHITELISTFILE problems

I've been wanting to use WHITELISTFILE for a while now to do per-domain whitelists since we're using per-domain/per-user settings now ( I'm obsessive, what can I say ), and week provided a very obtuse way of allowing me to do so. So, as the instructions say in the manual ( using Declude 1.75 )

Re: [Declude.JunkMail] WHITELISTFILE problems

Reply to: Ryan Carmelo Briones Re: [Declude.JunkMail] WHITELISTFILE problems on Friday 10:24:44 AM We also see this working intermittently here, so we are a bit confused. We are wondering if we have the general format wrong? [EMAIL PROTECTED] @news.intelligententerprise.com .intelligentente

RE: [Declude.JunkMail] New test => EHLOFILTER

> I created this because I see quite a few messages that use an > IP for the HELO, (and often it is MY mail server's IP). I > have never, ever, not once seen such a message that wasn't > spam, so on my system that test will be weighted quite heavily. No other MTA should connect to your MTA us

[Declude.JunkMail] WHITELISTFILE problems

I've been wanting to use WHITELISTFILE for a while now to do per-domain whitelists since we're using per-domain/per-user settings now ( I'm obsessive, what can I say ), and week provided a very obtuse way of allowing me to do so. So, as the instructions say in the manual ( using Declude 1.75 ), I s

RE: [Declude.JunkMail] Updating Global.CFG

Yes, it only works with Imail versions 8.x and above. That is when Imail added an indicator in the Q file to show that the sender authenticated to Imail. John Tolmachoff Engineer/Consultant/Owner eServices For You > -Original Message- > From: [EMAIL PROTECTED] [mailto:Declude.JunkMail- >

RE: [Declude.JunkMail] ARGOLINKs SPAM Graph

For the record, it does not read the whole log unless you are not running it regularly, it writes the last read position to a file and seeks to that position on the next gather. If ran regularly using scheduler, it wasn't that bad of a process hog on my old single proc system. I have not set it up

Re: [Declude.JunkMail] Updated SURBL filter script

I just tested this and the answer is that the processing will stop immediately. /Roger Scott, what will happen if all entries in a filter file have the weight 0 and I use MAXWEIGHT 0? Will the processing stop immediately or at the first match? /Roger -- -

RE: [Declude.JunkMail] Updating Global.CFG

I guess I was not clear. I know that SMTP Auth works in IMAIL versions but my question was does it work in declude for all versions of Imail. Or more Clearly - Does the Whitelist AUTH function in Declude work with all versions of IMAIL - I thought I read that this Declude feature only works with

RE: [Declude.JunkMail] SURBL filter script

> I'm curious: I'm too ;-) > Why did these NDRs contain a "blocked" URL? Were they indeed > "wanted" NDRs, or were they NDRs for Spam that wasn't > delivered, which happened to have one of your users as the > faked sender? After searching trough the logfiles I've discovered that this mess

Re: [Declude.JunkMail] Updated SURBL filter script

I will update the script so that it can handle both maxweight and an optional exclude file. I don't think that a variable for setting the weight of rows/entries different from the maxweight is necessary, since the purpose is to stop processing at a match, so the maxweight option would set the

RE: [Declude.JunkMail] why does this fail the spam domains test?

Dave, allow me to butt in here with the late night reply and say yes, your interpretation is exactly right for all 3 of your examples. And let me also add that clarity certainly does help, for example I saw a weird false positive and chuckled over it. I had a sd.txt that listed: mac.com apple.

RE: [Declude.JunkMail] SURBL filter script

My results from a business setting are very positive also. 294 hits. 292 SPAM 2 NotSpam (both from the declude mailing list hitting on webhosting.yahoo.com) Scott Fisher Director of IT Farm Progress Companies >>> [EMAIL PROTECTED] 04/16/04 03:25AM >>> > It will take a day or two before the log

Re: [Declude.JunkMail] Updated SURBL filter script

As for the maxweight, perhaps someone can do it better, but this works for me: In the variables ection add: set V_Maxweight=20 In the code after if not "%v_weight%"=="" echo SKIPIFWEIGHT %v_weight%>> surbl.filter.tmp add: if not "%v_maxweight%"=="" echo MAXWEIGHT %v_maxweight%>> surbl.filter.tmp

RE: [Declude.JunkMail] SURBL filter script

Hi Markus: I'm curious: >> All of this 24 messages are NDR's or "Notifications" send from "<>" back to the recipient.<< Why did these NDRs contain a "blocked" URL? Were they indeed "wanted" NDRs, or were they NDRs for Spam that wasn't delivered, which happened to have one of your users as the f

Re: [Declude.JunkMail] Whitelisting issue

If one person has [EMAIL PROTECTED] in the address book it appears that an email sent to this person and many others will be whitelisted for all. Correct. We have a situation that a person receives a lot of news emails and has whitelisted his address. Now anything th

Re: [Declude.JunkMail] Whitelisting issue

on 4/16/04 8:39 AM, Kami Razvan wrote: > I know this has been discussed in the past but I am not sure if any solution > is available. > > If one person has [EMAIL PROTECTED] in the address book it appears that an email > sent to this person and many others will be whitelisted for all. > > We hav

Re: [Declude.JunkMail] New test

Markus; Thanks for the detailed feedback and kind words. I haven't had time to the study our numbers (and I believe our statistical universe is much smaller than yours), but generally speaking I'm pleased with the results we're seeing here. For those who are interested, I'll be posting this t

[Declude.JunkMail] Whitelisting issue

Hi;   I know this has been discussed in the past but I am not sure if any solution is available.   If one person has [EMAIL PROTECTED] in the address book it appears that an email sent to this person and many others will be whitelisted for all.   We have a situation that a person receives

[Declude.JunkMail] Spamdomains.txt file

Hello, I think I'm going to implement the spam domains tests. Anyone have a file they would like to share that works well for them? --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubs

RE: [Declude.JunkMail] Why Was This E-Mail Marked As HELOBOGUS?

If a sending mail server has an A record but it does not have an MX then it would not fail the HELOBOGUS check? Correct. That is how it actually works in most cases. For example, if the mailserver for the example.com domain is named mail.example.com, it should really send HELO mail.example.com

Re: [Declude.JunkMail] why does this fail the spam domains test?

yahoo.com would require that all possible REVDNS entries contain "yahoo.com" so a message would pass the test if the REVDNS of its originating IP was abc.yahoo.com, abcyahoo.com or abc.yahoo.com.hk, but not yahoo.ca Correct, but this has the drawback of blocking "[EMAIL PROTECTED]" if they do not

Re: [Declude.JunkMail] tricks for dealing with null senders?

> Delete the nobody alias if it's present. That will let Imail reject > misaddressed messages before it processes them. This is way more efficient, > and it should cut down on your processor and disk activity quite a lot. What if nobody is a real address? Robert - Original Message - Fro

Re: [Declude.JunkMail] Updated SURBL filter script

Matt, Thanks for the suggestions. With a maxweight variable it would also make sense to add a body weight variable (so that this weight easily can be set to a value other than 0). At present, the processor load shouldn't be any problem, however, since the number of entries is rather few. This

RE: [Declude.JunkMail] New test

Two days ago Bud has announced HELOISIP as new external test. After trying this test now for 36 hours I can report the following results for 04/15/2004 Processed messages: 9832 Hold as Spam: 4728 (48% of all messages) Detected by HELOISIP: 1340 (28% of hold spam / 14% of all message

RE: [Declude.JunkMail] SURBL filter script

> It will take a day or two before the log analysis and test > check scripts are available, since I must adjust them to > handle all log levels. Here are my results from 04/15/2004 Processed messages: 9832 Hold as Spam: 4728 (48% of all messages) Detected by SURBL: 2552 (54% of hold

Re: [Declude.JunkMail] why does this fail the spam domains test?

Hi Matt- Thanks for the explanation. Let me feed back to you what I think you said. yahoo.com would require that all possible REVDNS entries contain "yahoo.com" so a message would pass the test if the REVDNS of its originating IP was abc.yahoo.com, abcyahoo.com or abc.yahoo.com.hk, but not yahoo.