RE: [Declude.JunkMail] Weight and Action Question

2004-04-19 Thread Colbeck, Andrew
Goran, yes, if you set a HOLD action, the weight is irrelevant in the example you cited. In a more complicated example, you'd have to check the precedence of actions listed in the manual. Why? Well, you might also have a WHITELIST action, or a WEIGHT action for a high value that does a DELETE.

RE: [Declude.JunkMail] Per-Domain Config

2004-04-19 Thread John Tolmachoff (Lists)
What I have done is create a set of base files as such: GlobalHeader.txt GlobalTests.txt JMFilterActions.txt JMDNSActions.txt JMExternal.txt JMWeights.txt When I need to add a test or make a global change, I change the appropriate base file Then, I have a script that adds the appropriate files tog

[Declude.JunkMail] Per-Domain Config

2004-04-19 Thread Goran Jovanovic
Scott, I am starting to see a maintenance issue with the way I am doing things. I want to have per-domain config files primarily so that I can white and black list separately. Now when I set up a new test I have to go in through each domain's $default$.junkmail file and add the test with the actio

[Declude.JunkMail] Weight and Action Question

2004-04-19 Thread Goran Jovanovic
Hi, If you are trying out a new test and are not sure what it is going to do you set the WEIGHT of that test to 0 and then monitor it. One way would be to use a HOLD action on that test. My question is if the WEIGHT was not set to 0 but say 10 and the action is HOLD will the e-mail be held regar

RE: [Declude.JunkMail] Blocking on attachment name

2004-04-19 Thread Goran Jovanovic
Scott, If you have both JunkMail and Virus are you able to block/delete an incoming mail message if the attachment had a virus? Actually do you need JunkMail at all in this condition? Goran Jovanovic The LAN Shoppe --- [This E-mail was scanned for viruses by Declude Virus (http://ww

[Declude.JunkMail] Strange loop, actions skipped

2004-04-19 Thread Matt
Scott, I'm very confused by what's happening with the following message apart from it looping 5 times and getting killed.  The original scored 36 points, which on my system would get it to ROUTETO a sub-mailbox on my own domain and the subject should have shown the weight in square brackets, a

Re: [Declude.JunkMail] OT: Scripting batch files

2004-04-19 Thread Adrian Hauri
Try blat as a win32 command line mailer. It supports attachments and runs very stable: http://sourceforge.net/projects/blat Adrian - - Original Message - From: "Jason" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Monday, April 19, 20

Re: [Declude.JunkMail] Spamc32 installation

2004-04-19 Thread Bill Landry
- Original Message - From: "Markus Gufler" <[EMAIL PROTECTED]> > bash-2.05b$ cpan > bash: cpan: command not found > > Markus, I haven't used Spamc32, but when I want to connect to CPAN from my Linux servers this is the command syntax I use: perl -MCPAN -e shell HTH, Bill ---

Re: [Declude.JunkMail] Feature request possibility

2004-04-19 Thread R. Scott Perry
How about an option where Declude Junkmail would de-space and de-punctuate the subject and then we could apply a filter on the results. In theory, the subject line would be parsed removing all characters other than a-z, A-Z and 0-9 and foreign alphabetical characters. We could then apply a fil

Re: [Declude.JunkMail] New test

2004-04-19 Thread Matt
David (and Bud), An exception could probably be made for proper usage of the IP being used as the HELO (when enclosed in brackets). Also, a while back in an effort to reduce the processing power required for my @LINKED and IPLINKED filters, I removed all of the IP space that was reserved which

[Declude.JunkMail] Feature request possibility

2004-04-19 Thread Scott Fisher
How about an option where Declude Junkmail would de-space and de-punctuate the subject and then we could apply a filter on the results. In theory, the subject line would be parsed removing all characters other than a-z, A-Z and 0-9 and foreign alphabetical characters. We could then apply a filt

RE: [Declude.JunkMail] NOTENDSWITH problem

2004-04-19 Thread Colbeck, Andrew
My humble opinion on terminology, Scott, is that: "fixed in the next build" would better reflect what you meant. Otherwise us folks out here in the list start to wonder whether you mean "release" or "Release". Just another tip for the Declude communications style book. Andrew 8) -Original

[Declude.JunkMail] Spamc32 installation

2004-04-19 Thread Markus Gufler
After installing the latest release of cygwin (1.5.9-1) I can open the command prompt but I can't start "cpan" I've tried: bash-2.05b$ ls egrep egrep Ok, egrep is in the current directory bash-2.05b$ egrep Usage: egrep [OPTION]... PATTERN [FILE]... Try

Re: [Declude.JunkMail] Blocking on attachment name

2004-04-19 Thread Darin Cox
Matt has a file size filter that he has generously contributed to the community...you should be able to find it easily in the archives. For filename, use BANEXT in Declude Virus. I don't believe there is a combined test, but you could structure your weighting as a binary system (result of 1 for o

Re: [Declude.JunkMail] Blocking on attachment name

2004-04-19 Thread R. Scott Perry
I have DJM Pro, not the AV. I want to block emails with specific attachments in DJM. Unfortunately, Declude Virus is necessary to properly block attachments (since attachment names/extensions can indicate security risks, whereas they are not yet indicative of spam). You could try writing a fi

Re: [Declude.JunkMail] Blocking on attachment name

2004-04-19 Thread Todd Hunter
Scott, I have DJM Pro, not the AV. I want to block emails with specific attachments in DJM. Thanks, Todd At 04:06 PM 4/19/2004 -0500, you wrote: For Declude Virus BANNAME fileattachment.ext example: BANNAME deleted0.txt I know it came up that file names with spaces weren't being blocked

RE: [Declude.JunkMail] New test

2004-04-19 Thread David Dresler
Below is an example of headers taken from a false positive using this new test. For the most part, it's a great new test and is working well. However, I've noticed that Entourage seems to be getting caught. This is the second customer of mine that I've noticed getting caught by this and both are u

RE: [Declude.JunkMail] SPAMDOMAINS - Netscape.com

2004-04-19 Thread Colbeck, Andrew
What, Matt, you get anal about your work!? Don't worry, I won't make you the butt of any jokes. Andrew 8) -Original Message- From: Matt [mailto:[EMAIL PROTECTED] Sent: Monday, April 19, 2004 1:47 PM To: [EMAIL PROTECTED] Subject: Re: [Declude.JunkMail] S

Re: [Declude.JunkMail] NOTENDSWITH problem

2004-04-19 Thread R. Scott Perry
Just for curiosity's sake, what does fixed in the next release mean? If something is referred to as fixed, that means that we have changed the code to fix it, and any future interim/beta/release will have the change in it. Fixed in the next alpha interim release or fixed in the next beta release

Re: [Declude.JunkMail] NOTENDSWITH problem

2004-04-19 Thread Scott Fisher
Just for curiosity's sake, what does fixed in the next release mean? Fixed in the next alpha interim release or fixed in the next beta release? It's tough to know since unless there is big news, we don't know what changes there are in the interim releases. I'm not pushing the fix, I've done a wo

Re: [Declude.JunkMail] Blocking on attachment name

2004-04-19 Thread Scott Fisher
For Declude Virus BANNAME fileattachment.ext example: BANNAME deleted0.txt I know it came up that file names with spaces weren't being blocked properly. I don't know if Scott had fixed that yet. Scott Fisher Director of IT Farm Progress Companies >>> [EMAIL PROTECTED] 04/19/04 03:27PM >>> I wa

Re: [Declude.JunkMail] SPAMDOMAINS - Netscape.com

2004-04-19 Thread Matt
Oops, sorry.  I'm not sure about netscape.com, but E-mail from that domain has been quite rare in the past since they don't have hardly any employees, and even if you had their primary reverse DNS entries, it's quite possible that they send out as netscape.com from third-parties just like syman

[Declude.JunkMail] Blocking on attachment name

2004-04-19 Thread Todd Hunter
I want to hold email that has an attachment with a given file name. I know the exact file name and size. It seems like I saw some posts about this in the past but searches of my archived Declude folder didn't come up with anything. Thanks, Todd Hunter --- [This E-mail was scanned for viru

Re: [Declude.JunkMail] New test

2004-04-19 Thread Bud Durland
Glenn Brooks wrote: Will Heloisp run on NT ...I do not see any activity in task manager or in the declude logslog level MID It should run on NT just fine, although I couldn't test it on that platform. No surprise that it's not on the task manager -- it does its thing very quickly and pro

RE: [Declude.JunkMail] SPAMDOMAINS - Netscape.com

2004-04-19 Thread Colbeck, Andrew
Well, Matt, that's a great example for Netscape.net, but Jeff was asking about Netscape.com So I guess to round out the conversation, here's the two entries in spamdomains that everybody seems to have, to cover Netscape.net: aol.com netscape.net netscape.netaol.com I'm pretty sure th

[Declude.JunkMail] Phishing...

2004-04-19 Thread Doug Anderson
> 'Phishing' scams luring more users > By Munir Kotadia > > Security firm MessageLabs says the number of e-mails that use the deceptive tactic has increased from 279 to 215,643 over the past six months. > > http://news.com.com/2100-7355-5194807.html?tag=sas.email > > ---

Re: [Declude.JunkMail] SPAMDOMAINS - Netscape.com

2004-04-19 Thread Matt
Andrew and Jeff, Unfortunately Netscape.net is actually handled by aol.com when it is outgoing (which is what matters in this case). I sometimes search my known good E-mail for outgoing servers, or Google for it by looking for header code along with the address and keeping in mind that a lot o

RE: [Declude.JunkMail] SPAMDOMAINS - Netscape.com

2004-04-19 Thread Jeff Maze - Hostmaster
Ok.. Makes sense.. Thanks.. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Colbeck, Andrew Sent: Monday, April 19, 2004 2:29 PM To: '[EMAIL PROTECTED]' Subject: RE: [Declude.JunkMail] SPAMDOMAINS - Netscape.com Jeff, the main problem with figuring out

RE: [Declude.JunkMail] SPAMDOMAINS - Netscape.com

2004-04-19 Thread Colbeck, Andrew
Jeff, the main problem with figuring out spamdomains entries is that you really have to receive valid mail from the domain to really know. If they have an SPF record, that's the easiest way to research them, but you can also try the website at http://www.SenderBase.org to see what they've noticed.

[Declude.JunkMail] Blackholes.us Resolution Problems

2004-04-19 Thread Don Brown
To save some trouble shooting time, see below <==Original message text===> On Apr 19, 2004, at 7:29 AM, Don Brown wrote: > Are you having issues with your DNS servers or are you getting DOS'ed? > We have noticed several connection failures in our log, starting > yesterday m

RE: [Declude.JunkMail] New test

2004-04-19 Thread Jason
Don't know about NT4, but we are running it on Win2k using log level low and it is working well. I don't see it come up in the task manager either, but it is running. Jason -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Glenn Brooks Sent: Monday, Apr

Re: [Declude.JunkMail] New test

2004-04-19 Thread Glenn Brooks
Will Heloisp run on NT ...I do not see any activity in task manager or in the declude logslog level MID At 01:57 PM 4/19/2004 -0400, you wrote: You should be fine as long as you don't do matches on numbers below 20, or at least that is my experience. I'm thinking that you created this ex

[Declude.JunkMail] SPAMDOMAINS - Netscape.com

2004-04-19 Thread Jeff Maze - Hostmaster
Hello, I got a message that was "from" [EMAIL PROTECTED] but came from RoadRunners networks. There isn't a netscape entry in my SPAMDOMAINS.TXT file. I was just wondering what I would enter to make it so. I did a NSLOOKUP on netscape.com and the MX record points to mail.nescape.

Re: [Declude.JunkMail] New test

2004-04-19 Thread Matt
You should be fine as long as you don't do matches on numbers below 20, or at least that is my experience. I'm thinking that you created this exception in order to head off that problem. Minimally it's worth a try. Matt Bud Durland wrote: Jason wrote: These headers didn't trigger the HELOIS

Re: [Declude.JunkMail] New test

2004-04-19 Thread Bud Durland
Jason wrote: These headers didn't trigger the HELOISIP test. It looks to me like they should have. Any Ideas? Received: from adsl-63-202-107-44.dsl.lsan03.pacbell.net [63.202.107.44] by areatech.com (SMTPD32-7.14) id A37557AB0118; Mon, 19 Apr 2004 10:42:45 -0500 Because of the 'lsan03', the

RE: [Declude.JunkMail] Making stuff do what it's not supposed to

2004-04-19 Thread Timm Jasper
Thanks for beaming me the info Scotty :) -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of R. Scott Perry Sent: Monday, April 19, 2004 12:09 PM To: [EMAIL PROTECTED] Subject: Re: [Declude.JunkMail] Making stuff do what it's not supposed to >Using existing

RE: Re[2]: [Declude.JunkMail] New test

2004-04-19 Thread Markus Gufler
Sandy, already awake? I've tried to configure spamc32. After installing cygwin under c:\cygwin your readme states to open a DOS prompt, cd \cygwin\bin and type cygwin. This wouldn't work with cygwin 1.5.9-1. I can find a cygwin.bat on c:\cygwin. Starting this batch I can see a unix like command

Re: [Declude.JunkMail] Making stuff do what it's not supposed to

2004-04-19 Thread R. Scott Perry
Using existing methods in Imail and Declude, is there any way to get the revdns info to show on the from: or the subj: line? I had someone ask, didn't know and I did not see it in the archives, and said I would try to find out. I believe that you could use: CATCHALLMAILS SUBJECT [%REVDNS%] to

RE: [Declude.JunkMail] New test

2004-04-19 Thread Jason
These headers didn't trigger the HELOISIP test. It looks to me like they should have. Any Ideas? Received: from adsl-63-202-107-44.dsl.lsan03.pacbell.net [63.202.107.44] by areatech.com (SMTPD32-7.14) id A37557AB0118; Mon, 19 Apr 2004 10:42:45 -0500 Received: from iowiekwaoakkwjehckckw.com

RE: [Declude.JunkMail] OT: Scripting batch files

2004-04-19 Thread Jason
Responding to my own post: Here is the final batch file with date scripting included. It is probably too basic, but if anyone can use it here it is: for /F "tokens=1-4 delims=/- " %%A in ('date/T') do wamlog c:\imail\spool\dec%%B%%C.log >> Stats.txt imail1 -s Daily Spam Stats -f Stats.txt -t [E

[Declude.JunkMail] Making stuff do what it's not supposed to

2004-04-19 Thread Timm Jasper
Using existing methods in Imail and Declude, is there any way to get the revdns info to show on the from: or the subj: line? I had someone ask, didn't know and I did not see it in the archives, and said I would try to find out. So ... ~~ ~ Timm Jasper

Re: [Declude.JunkMail] Global.CFG file for separate domains

2004-04-19 Thread R. Scott Perry
I was wondering if it's possible with the standard version to create a Global.cfg file or that type of file (whitelist and other configs) for separate domains (like the $default$.junkmail file).. Thanks.. No, the settings in the global.cfg file are global settings, and cannot be used on

RE: [Declude.JunkMail] Spamdomains.txt file

2004-04-19 Thread Jeff Maze - Hostmaster
Here's the spamdomains.txt file I received off-list (for our setup, I left out the outblaze domains).. Don't forget to add the needed entries to the Global.cfg file and the $default$.junkmail files (see below).. Global.cfg _ SPAMDOMAINS

RE: [Declude.JunkMail] Spamdomains.txt file

2004-04-19 Thread Jeff Maze - Hostmaster
I'd post the one I received off list, but am not sure if the original person who sent it to me would like if I did.. I'll contact them and see if it would be ok.. Just don't want to make anyone angry.. I'm sure they won't care, but it would stink to post it and then have them come back bitchin'

Re: [Declude.JunkMail] NOTENDSWITH problem

2004-04-19 Thread R. Scott Perry
My favorite new filter has been the NOTENDSWITH... But I've found a problem. COUNTRY 5 NOTENDSWITH US Using the above line, every country including the US gets five points. It seems that there is an issue with the code where NOTENDSWITH will not work properly if the length of

[Declude.JunkMail] Global.CFG file for separate domains

2004-04-19 Thread Jeff Maze - Hostmaster
Hello, I was wondering if it's possible with the standard version to create a Global.cfg file or that type of file (whitelist and other configs) for separate domains (like the $default$.junkmail file).. Thanks.. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declud

RE: [Declude.JunkMail] Spamdomains.txt file

2004-04-19 Thread declude
Me too! Kevin -- Original Message -- From: "John Tolmachoff (Lists)" <[EMAIL PROTECTED]> Reply-To: [EMAIL PROTECTED] Date: Mon, 19 Apr 2004 07:09:27 -0700 >Me three. ;) > >John Tolmachoff >Engineer/Consultant/Owner >eServices For You > >> -Original

RE: [Declude.JunkMail] SBL-XBL Question

2004-04-19 Thread Scott Fisher
Many thanks, I couldn't find that info anywhere (else). Scott Fisher Director of IT Farm Progress Companies >>> [EMAIL PROTECTED] 04/16/04 05:33PM >>> Not surprising that you missed this one, based on the subject line: http://www.mail-archive.com/[EMAIL PROTECTED]/msg17684.html Sorry if this h

RE: [Declude.JunkMail] Spamdomains.txt file

2004-04-19 Thread John Tolmachoff (Lists)
Me three. ;) John Tolmachoff Engineer/Consultant/Owner eServices For You > -Original Message- > From: [EMAIL PROTECTED] [mailto:Declude.JunkMail- > [EMAIL PROTECTED] On Behalf Of Rick Hogue > Sent: Monday, April 19, 2004 6:56 AM > To: [EMAIL PROTECTED] > Subject: RE: [Declude.JunkMail] Sp

RE: [Declude.JunkMail] Spamdomains.txt file

2004-04-19 Thread Scott Fisher
I have 3 different Spamdomains.txt weights. Outblaze, mail2world, and everyone.net domains get 15 points (tag at 20, hold at 35). Strong spamdomains get 10 points (rare false positives, MX servers with only one domain name). Weak spamdomains get 7 points (domains more likely to false positive, MX

RE: [Declude.JunkMail] Spamdomains.txt file

2004-04-19 Thread Rick Hogue
Me too. Rick Hogue www.intent.net Web Hosting 1-800-866-2983 www.prosperity.com Featured web site -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Doug McKee Sent: Monday, April 19, 2004 8:55 AM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] S

[Declude.JunkMail] NOTENDSWITH problem

2004-04-19 Thread Scott Fisher
My favorite new filter has been the NOTENDSWITH... But I've found a problem. COUNTRY 5 NOTENDSWITH US Using the above line, every country including the US gets five points. May I also suggest a NOIS filter test? Scott Fisher Director of IT Farm Progress Companies --- [This

RE: [Declude.JunkMail] Spamdomains.txt file

2004-04-19 Thread Doug McKee
Me too, Thanks, Doug -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Goran Jovanovic Sent: Monday, April 19, 2004 7:38 AM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] Spamdomains.txt file Todd, Would you mind sending me a copy of the spamdomain.tx

Re: [Declude.JunkMail] New test

2004-04-19 Thread Bud Durland
Matt wrote: I have a few suggestions that you might want to consider. The first one would be to skip processing of the message and just have Declude pass off the HELO as an argument to your script. This can be done with %HELO%. This will speed processing and ensure that the HELO comes in the

RE: [Declude.JunkMail] Spamdomains.txt file

2004-04-19 Thread Goran Jovanovic
Todd, Would you mind sending me a copy of the spamdomain.txt file as well? I would like to see what you have as a starting point. Thanx Goran Jovanovic The LAN Shoppe > -Original Message- > From: [EMAIL PROTECTED] [mailto:Declude.JunkMail- > [EMAIL PROTECTED] On Behalf O

Re: [Declude.JunkMail] Ignore all tests

2004-04-19 Thread R. Scott Perry
Is there a way to IGNORE all tests on outbound customer mail. Outgoing actions are determined by the settings in the \IMail\Declude\global.cfg file. If you set all the actions in that file to IGNORE, then no action will be taken on outgoing E-mail.

RE: [Declude.JunkMail] Spamdomains.txt file

2004-04-19 Thread Jeff Maze - Hostmaster
Thanks.. I've received a couple so far, so if you don't wish to send it, it's ok.. But I do have another question for the list.. Pretty much the entries for Global.CFG and the junkmail config for the spamdomains tests.. Which weight seems to work best, etc. This weekend, I've seen A LOT of spam

[Declude.JunkMail] Ignore all tests

2004-04-19 Thread Richard Farris
Is there a way to IGNORE all tests on outbound customer mail. Richard Farris Ethixs Online 1.270.247. Office 1.800.548.3877 Tech Support --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To uns

Re[4]: [Declude.JunkMail] Mark vs Hold vs Delete

2004-04-19 Thread Sanford Whiteman
> Sandy, I thought you were an east-coaster...you should get some sleep! > Right you are. Actually, I'm supposed to be coding, but it's so easy to get distracted... --Sandy Sanford Whiteman, Chief Technologist Broadleaf Systems, a division of Cypress Inte

Re: Re[2]: [Declude.JunkMail] Mark vs Hold vs Delete

2004-04-19 Thread Darin Cox
Sandy, I thought you were an east-coaster...you should get some sleep! Darin. - Original Message - From: "Sanford Whiteman" <[EMAIL PROTECTED]> To: "Matt" <[EMAIL PROTECTED]> Sent: Monday, April 19, 2004 3:43 AM Subject: Re[2]: [Declude.JunkMail] Mark vs Hold vs Delete > First, if yo

Re[2]: [Declude.JunkMail] Mark vs Hold vs Delete

2004-04-19 Thread Sanford Whiteman
> First, if you read my original post, I used two examples to show how > spam patterns can be very different based on the type of domain not > knowing what sort of traffic Goran was seeing and how he might > modify his approach. Do you mean where you say-- > Domains used exclusively f

Re[2]: [Declude.JunkMail] New test

2004-04-19 Thread Sanford Whiteman
> The only thing I fear, is that as soon as SA will have such a rule > spammers will immediately rewrite their SW (or better said email > worms) and don't use anymore IP-like HELO strings. This would be reasonable if it were in the standard SA distro, but I'm talking about community shari

RE: [Declude.JunkMail] New test

2004-04-19 Thread Markus Gufler
> ... when > many of the tests could be wrapped by SpamAssassin custom > rules ... The only thing I fear, is that as soon as SA will have such a rule spammers will immediately rewrite their SW (or better said email worms) and don't use anymore IP-like HELO strings. Markus --- [This E-mail

[Declude.JunkMail] OT: Scripting batch files

2004-04-19 Thread Jason
Hello everyone. I have created a batch file that runs Bill's log analyzer that was made available last week. What I would like to do is have the DOS batch file e-mail this each night at midnight using the previous day's declude log file. I do not know much about date scripting in DOS batch file