RE: [Declude.JunkMail] How accurate is spamcop
I completely agree. Markus From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of MattSent: Wednesday, April 28, 2004 1:21 AMTo: [EMAIL PROTECTED]Subject: Re: [Declude.JunkMail] How accurate is spamcop SpamCop has a serious problem with blacklisting large ISP mail servers. Just yesterday I had three false positives partially caused by SpamCop weighted at about 45% of my hold weight for the domains in question, and hitting E-mail coming from adelphia.net, wanadoo.fr and netvision.net.il, all large ISP mail servers. Based on my review of SpamCop on these ISP mail servers, I estimate that they have between a 1 in 20 and a 1 in 50 chance of a message getting improperly tagged when they come through such an ISP. This also caries over to the likes of AOL and Road Runner.I once contacted one of their "Deputies" about the issue and their response was that "SpamCop is aggressive." Unfortunately their failure to resolve this long-standing problem of treating an ISP mail server that sends 99.99% legit E-mail just the same as a mail server belonging to a spam house weakens the value of their blacklist a great deal and causes administrators like ourselves a lot of frustration that something so obvious couldn't be corrected.SpamCop also has a fundamental flaw in that submitted spam that gets forwarded from one server to a destination often causes the forwarding server to get tagged, and forged headers can also trick them from time to time.I would suggest weighting SpamCop at no more than 60% of your hold weight, and add as many reliable tests as possible. SpamCop is however a very important test, and it accurately flags about 2/3 of the spam reaching my server.MattDoris Dean wrote: Is it safe to simply delete an email flagged with spamcop? TIA Doris-- = MailPure custom filters for Declude JunkMail Pro. http://www.mailpure.com/software/ =
RE: [Declude.JunkMail] How accurate is spamcop
Title: Message Personally, I don't consider this a problem with SpamCop. I understand that different people have different needs, but in my case every message entering my system from adelphia.net and wanadoo.fr is spam. Shayne -Original Message-From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of MattSent: Tuesday, April 27, 2004 6:21 PMTo: [EMAIL PROTECTED]Subject: Re: [Declude.JunkMail] How accurate is spamcopSpamCop has a serious problem with blacklisting large ISP mail servers. Just yesterday I had three false positives partially caused by SpamCop weighted at about 45% of my hold weight for the domains in question, and hitting E-mail coming from adelphia.net, wanadoo.fr and netvision.net.il, all large ISP mail servers. Based on my review of SpamCop on these ISP mail servers, I estimate that they have between a 1 in 20 and a 1 in 50 chance of a message getting improperly tagged when they come through such an ISP. This also caries over to the likes of AOL and Road Runner.I once contacted one of their "Deputies" about the issue and their response was that "SpamCop is aggressive." Unfortunately their failure to resolve this long-standing problem of treating an ISP mail server that sends 99.99% legit E-mail just the same as a mail server belonging to a spam house weakens the value of their blacklist a great deal and causes administrators like ourselves a lot of frustration that something so obvious couldn't be corrected.SpamCop also has a fundamental flaw in that submitted spam that gets forwarded from one server to a destination often causes the forwarding server to get tagged, and forged headers can also trick them from time to time.I would suggest weighting SpamCop at no more than 60% of your hold weight, and add as many reliable tests as possible. SpamCop is however a very important test, and it accurately flags about 2/3 of the spam reaching my server.MattDoris Dean wrote: Is it safe to simply delete an email flagged with spamcop? TIA Doris-- = MailPure custom filters for Declude JunkMail Pro. http://www.mailpure.com/software/ =
RE: [Declude.JunkMail] How accurate is SpamCop
Title: Message So, if I sent you a message from my home ISP account, which is Adelphia, you would automatically consider it spam? John Tolmachoff Engineer/Consultant/Owner eServices For You -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Shayne Embry Sent: Wednesday, April 28, 2004 6:46 AM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] How accurate is spamcop Personally, I don't consider this a problem with SpamCop. I understand that different people have different needs, but in my case every message entering my system from adelphia.net and wanadoo.fr is spam. Shayne -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Matt Sent: Tuesday, April 27, 2004 6:21 PM To: [EMAIL PROTECTED] Subject: Re: [Declude.JunkMail] How accurate is spamcop SpamCop has a serious problem with blacklisting large ISP mail servers. Just yesterday I had three false positives partially caused by SpamCop weighted at about 45% of my hold weight for the domains in question, and hitting E-mail coming from adelphia.net, wanadoo.fr and netvision.net.il, all large ISP mail servers. Based on my review of SpamCop on these ISP mail servers, I estimate that they have between a 1 in 20 and a 1 in 50 chance of a message getting improperly tagged when they come through such an ISP. This also caries over to the likes of AOL and Road Runner. I once contacted one of their Deputies about the issue and their response was that SpamCop is aggressive. Unfortunately their failure to resolve this long-standing problem of treating an ISP mail server that sends 99.99% legit E-mail just the same as a mail server belonging to a spam house weakens the value of their blacklist a great deal and causes administrators like ourselves a lot of frustration that something so obvious couldn't be corrected. SpamCop also has a fundamental flaw in that submitted spam that gets forwarded from one server to a destination often causes the forwarding server to get tagged, and forged headers can also trick them from time to time. I would suggest weighting SpamCop at no more than 60% of your hold weight, and add as many reliable tests as possible. SpamCop is however a very important test, and it accurately flags about 2/3 of the spam reaching my server. Matt Doris Dean wrote: Is it safe to simply delete an email flagged with spamcop? TIA Doris -- =MailPure custom filters for Declude JunkMail Pro.http://www.mailpure.com/software/=
RE: [Declude.JunkMail] How accurate is SpamCop
Title: Message John, I didn't say that. In my case I haven't received any legitimate email from those domains and I do receive a considerable amount of spam from them, so I tend to treat them accordingly. To answer theoriginal question,in my case SpamCop is very, very effective and I use it aggressively. I rarely see a false positive. But as I said, everyone has different needs. I'm not trying to disagree with anyone posting here about their experiences and practices. Just relaying my experience. Shayne -Original Message-From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John Tolmachoff (Lists)Sent: Wednesday, April 28, 2004 9:07 AMTo: [EMAIL PROTECTED]Subject: RE: [Declude.JunkMail] How accurate is SpamCop So, if I sent you a message from my home ISP account, which is Adelphia, you would automatically consider it spam? John Tolmachoff Engineer/Consultant/Owner eServices For You -Original Message-From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Shayne EmbrySent: Wednesday, April 28, 2004 6:46 AMTo: [EMAIL PROTECTED]Subject: RE: [Declude.JunkMail] How accurate is spamcop Personally, I don't consider this a problem with SpamCop. I understand that different people have different needs, but in my case every message entering my system from adelphia.net and wanadoo.fr is spam. Shayne -Original Message-From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of MattSent: Tuesday, April 27, 2004 6:21 PMTo: [EMAIL PROTECTED]Subject: Re: [Declude.JunkMail] How accurate is spamcop SpamCop has a serious problem with blacklisting large ISP mail servers. Just yesterday I had three false positives partially caused by SpamCop weighted at about 45% of my hold weight for the domains in question, and hitting E-mail coming from adelphia.net, wanadoo.fr and netvision.net.il, all large ISP mail servers. Based on my review of SpamCop on these ISP mail servers, I estimate that they have between a 1 in 20 and a 1 in 50 chance of a message getting improperly tagged when they come through such an ISP. This also caries over to the likes of AOL and Road Runner.I once contacted one of their "Deputies" about the issue and their response was that "SpamCop is aggressive." Unfortunately their failure to resolve this long-standing problem of treating an ISP mail server that sends 99.99% legit E-mail just the same as a mail server belonging to a spam house weakens the value of their blacklist a great deal and causes administrators like ourselves a lot of frustration that something so obvious couldn't be corrected.SpamCop also has a fundamental flaw in that submitted spam that gets forwarded from one server to a destination often causes the forwarding server to get tagged, and forged headers can also trick them from time to time.I would suggest weighting SpamCop at no more than 60% of your hold weight, and add as many reliable tests as possible. SpamCop is however a very important test, and it accurately flags about 2/3 of the spam reaching my server.MattDoris Dean wrote: Is it safe to simply delete an email flagged with spamcop? TIA Doris -- =MailPure custom filters for Declude JunkMail Pro.http://www.mailpure.com/software/=
[Declude.JunkMail] Perl Script Spamheaders
Any Perl savy people out there using the Mime::Lite module in any of their scripts figure out how to generate valid Message-IDs in mail sent from online forms? I'm trying to get our forms to pass the "Spamheaders" test and this is a sticking point. I cannot find any information online on implementation. The Cpan manuals just list "message-id" once and it's in a list of items. I've tried the following code but all I getis the automatically generated Imail message-id: === sub smtp_mail {MIME::Lite-send('smtp', "mail.mydomain.com"); $idnum = time(); $randnum = rand(); my $msg = MIME::Lite-new( From = $def_from, To = $def_to, Cc = $def_cc, Subject = $def_subject, Message-ID = [EMAIL PROTECTED], Type = 'multipart/related' ); $msg-attach( Type = 'text/html', Data ="" qq| $TG{'MessageBody'}| ); $msg-attach( Type = 'text', Path = $EmailTempFile, ); $msg-send or die ("Error sending e-mail: $!");} === John Olden - Systems AdministratorChampaign Park District
[Declude.JunkMail] OT: New Declude Site
Scott, I like the new site. Very cool idea to add the RSS feed! Andy Ognenoff Online Systems Administrator - Cousins Submarines, Inc. http://www.cousinssubs.com --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] How accurate is SpamCop
Title: Message Spamcop is NOT ever reliable for deleting spam, as one of several tests its ok but never ever based on them alone. An example. The largest broadband company here in Norway tries to force all there customers to use there mailservers as SMTP, they ended up on Spamcop's list in 72 hours. Most mail came through but a lot of people lost mail because of idiots using spamcop as a test for deleting mail. Benny From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Shayne EmbrySent: 28. april 2004 16:34To: [EMAIL PROTECTED]Subject: RE: [Declude.JunkMail] How accurate is SpamCop John, I didn't say that. In my case I haven't received any legitimate email from those domains and I do receive a considerable amount of spam from them, so I tend to treat them accordingly. To answer theoriginal question,in my case SpamCop is very, very effective and I use it aggressively. I rarely see a false positive. But as I said, everyone has different needs. I'm not trying to disagree with anyone posting here about their experiences and practices. Just relaying my experience. Shayne -Original Message-From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John Tolmachoff (Lists)Sent: Wednesday, April 28, 2004 9:07 AMTo: [EMAIL PROTECTED]Subject: RE: [Declude.JunkMail] How accurate is SpamCop So, if I sent you a message from my home ISP account, which is Adelphia, you would automatically consider it spam? John Tolmachoff Engineer/Consultant/Owner eServices For You -Original Message-From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Shayne EmbrySent: Wednesday, April 28, 2004 6:46 AMTo: [EMAIL PROTECTED]Subject: RE: [Declude.JunkMail] How accurate is spamcop Personally, I don't consider this a problem with SpamCop. I understand that different people have different needs, but in my case every message entering my system from adelphia.net and wanadoo.fr is spam. Shayne -Original Message-From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of MattSent: Tuesday, April 27, 2004 6:21 PMTo: [EMAIL PROTECTED]Subject: Re: [Declude.JunkMail] How accurate is spamcop SpamCop has a serious problem with blacklisting large ISP mail servers. Just yesterday I had three false positives partially caused by SpamCop weighted at about 45% of my hold weight for the domains in question, and hitting E-mail coming from adelphia.net, wanadoo.fr and netvision.net.il, all large ISP mail servers. Based on my review of SpamCop on these ISP mail servers, I estimate that they have between a 1 in 20 and a 1 in 50 chance of a message getting improperly tagged when they come through such an ISP. This also caries over to the likes of AOL and Road Runner.I once contacted one of their "Deputies" about the issue and their response was that "SpamCop is aggressive." Unfortunately their failure to resolve this long-standing problem of treating an ISP mail server that sends 99.99% legit E-mail just the same as a mail server belonging to a spam house weakens the value of their blacklist a great deal and causes administrators like ourselves a lot of frustration that something so obvious couldn't be corrected.SpamCop also has a fundamental flaw in that submitted spam that gets forwarded from one server to a destination often causes the forwarding server to get tagged, and forged headers can also trick them from time to time.I would suggest weighting SpamCop at no more than 60% of your hold weight, and add as many reliable tests as possible. SpamCop is however a very important test, and it accurately flags about 2/3 of the spam reaching my server.MattDoris Dean wrote: Is it safe to simply delete an email flagged with spamcop? TIA Doris -- =MailPure custom filters for Declude JunkMail Pro.http://www.mailpure.com/software/=
Re: [Declude.JunkMail] How accurate is SpamCop
Shayne, They regularly list AOL and Road Runner mail servers too. I was just giving you examples of what happened on one single day and what ended up getting held on my system. It took multiple tests showing FP's in order for each message to get held. Here's some SpamCop detail on AOL's mail server's for instance: http://www.spamcop.net/w3m?action=""> Note that they fare better than most large ISP's because they don't pump hardly any broadband customers out of these servers, and dial-up users are highly unlikely to get hijacked by a spammer. Matt Shayne Embry wrote: Message John, I didn't say that. In my case I haven't received any legitimate email from those domains and I do receive a considerable amount of spam from them, so I tend to treat them accordingly. To answer theoriginal question,in my case SpamCop is very, very effective and I use it aggressively. I rarely see a false positive. But as I said, everyone has different needs. I'm not trying to disagree with anyone posting here about their experiences and practices. Just relaying my experience. Shayne -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of John Tolmachoff (Lists) Sent: Wednesday, April 28, 2004 9:07 AM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] How accurate is SpamCop So, if I sent you a message from my home ISP account, which is Adelphia, you would automatically consider it spam? John Tolmachoff Engineer/Consultant/Owner eServices For You -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Shayne Embry Sent: Wednesday, April 28, 2004 6:46 AM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] How accurate is spamcop Personally, I don't consider this a problem with SpamCop. I understand that different people have different needs, but in my case every message entering my system from adelphia.net and wanadoo.fr is spam. Shayne -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Matt Sent: Tuesday, April 27, 2004 6:21 PM To: [EMAIL PROTECTED] Subject: Re: [Declude.JunkMail] How accurate is spamcop SpamCop has a serious problem with blacklisting large ISP mail servers. Just yesterday I had three false positives partially caused by SpamCop weighted at about 45% of my hold weight for the domains in question, and hitting E-mail coming from adelphia.net, wanadoo.fr and netvision.net.il, all large ISP mail servers. Based on my review of SpamCop on these ISP mail servers, I estimate that they have between a 1 in 20 and a 1 in 50 chance of a message getting improperly tagged when they come through such an ISP. This also caries over to the likes of AOL and Road Runner. I once contacted one of their "Deputies" about the issue and their response was that "SpamCop is aggressive." Unfortunately their failure to resolve this long-standing problem of treating an ISP mail server that sends 99.99% legit E-mail just the same as a mail server belonging to a spam house weakens the value of their blacklist a great deal and causes administrators like ourselves a lot of frustration that something so obvious couldn't be corrected. SpamCop also has a fundamental flaw in that submitted spam that gets forwarded from one server to a destination often causes the forwarding server to get tagged, and forged headers can also trick them from time to time. I would suggest weighting SpamCop at no more than 60% of your hold weight, and add as many reliable tests as possible. SpamCop is however a very important test, and it accurately flags about 2/3 of the spam reaching my server. Matt Doris Dean wrote: Is it safe to simply delete an email flagged with spamcop? TIA Doris -- = MailPure custom filters for Declude JunkMail Pro. http://www.mailpure.com/software/ = -- = MailPure custom filters for Declude JunkMail Pro. http://www.mailpure.com/software/ =
RE: [Declude.JunkMail] How accurate is SpamCop
Title: Message Good point, Matt. And thanks to folks like youfor putting in the time to look at these issues. I don't normally jump into these discussions, but seeing you mentiona few of those domainsearlier prompted me to act out of character and respond due to the problems I have had with them. I justprefer to assign ahigher score toSpamCop than what I perceive others to be doing, based on these posts. To each his/her own methods. To clarify, I agree that deleting on a single test isNOT a good idea. Shayne -Original Message-From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of MattSent: Wednesday, April 28, 2004 10:21 AMTo: [EMAIL PROTECTED]Subject: Re: [Declude.JunkMail] How accurate is SpamCopShayne,They regularly list AOL and Road Runner mail servers too. I was just giving you examples of what happened on one single day and what ended up getting held on my system. It took multiple tests showing FP's in order for each message to get held.Here's some SpamCop detail on AOL's mail server's for instance: http://www.spamcop.net/w3m?action="">Note that they fare better than most large ISP's because they don't pump hardly any broadband customers out of these servers, and dial-up users are highly unlikely to get hijacked by a spammer.Matt
RE: [Declude.JunkMail] Perl Script Spamheaders
Title: Message John, I'm thinking that you're not qualifying the right hand side of the message-id variable as text. Let me put that another way: why are you not putting quotes around the parts that are text, and why are you only escaping the @ sign and not the hyphen or the GT and LT signs? What happens if you change the line, on a trial basis, to: Message-ID = '[EMAIL PROTECTED]', (I don't know if any of the text inside the quotes actually needs to be escaped, but it seems worth mentioning.) Andrew 8) -Original Message-From: John Olden [mailto:[EMAIL PROTECTED] Sent: Wednesday, April 28, 2004 7:53 AMTo: [EMAIL PROTECTED]Subject: [Declude.JunkMail] Perl Script Spamheaders Any Perl savy people out there using the Mime::Lite module in any of their scripts figure out how to generate valid Message-IDs in mail sent from online forms? I'm trying to get our forms to pass the "Spamheaders" test and this is a sticking point. I cannot find any information online on implementation. The Cpan manuals just list "message-id" once and it's in a list of items. I've tried the following code but all I getis the automatically generated Imail message-id: === sub smtp_mail {MIME::Lite-send('smtp', "mail.mydomain.com"); $idnum = time(); $randnum = rand(); my $msg = MIME::Lite-new( From = $def_from, To = $def_to, Cc = $def_cc, Subject = $def_subject, Message-ID = [EMAIL PROTECTED], Type = 'multipart/related' ); $msg-attach( Type = 'text/html', Data ="" qq| $TG{'MessageBody'}| ); $msg-attach( Type = 'text', Path = $EmailTempFile, ); $msg-send or die ("Error sending e-mail: $!");} === John Olden - Systems AdministratorChampaign Park District
[Declude.JunkMail] High CPU usage
Title: Message We turned on the ipblacklist and domainblacklist and populated them from a couple of pretty good sources last Thursday and all of a sudden we were not getting anywhere close to the amount of spam, however some customers who use ColdFusion started not getting much of their email. Also our dual process or email server went from being used at about 35% to well over 90 and at certain times 100% sustained. causing backups on delivery of email. the IPblacklist is about 90k and the dmainblacklist is about 641k. We only have about 28000 incoming and 18000 outgoing emails per day. Any clues as to why this might be happening? Rick Hogue www.intent.net Web Hosting 1-800-866-2983 www.prosperity.com Featured web site
Re: [Declude.JunkMail] High CPU usage
We turned on the ipblacklist and domainblacklist and populated them from a couple of pretty good sources last Thursday and all of a sudden we were not getting anywhere close to the amount of spam, however some customers who use ColdFusion started not getting much of their email. Also our dual process or email server went from being used at about 35% to well over 90 and at certain times 100% sustained. causing backups on delivery of email. the IPblacklist is about 90k and the dmainblacklist is about 641k. We only have about 28000 incoming and 18000 outgoing emails per day. Any clues as to why this might be happening? It's happening because you've added a large amount to what Declude JunkMail has to do. A 90K IP blacklist is about 6,000 IPs, and a 641K domain blacklist is about 30,000 domains. That means that for every E-mail that comes in, Declude JunkMail has to compare the IP with 6,000 IP ranges and compare the return address with 30,000 different domains. That's going to take some time. I am surprised that it is using up so much CPU time. Are those IP blacklists and sender blacklists (ipfile and fromfile), or are those filters (if the domain blacklist is set up as a body filter, it would account for the very high CPU usage)? -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] Whitelist.txt file
Hello, Can IP addresses in conjunction with e-mail addresses (or domain names) be added to a Whitelists.txt file within a per-domain configuration? Thanks.. -Jeff --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Whitelist.txt file
Can IP addresses in conjunction with e-mail addresses (or domain names) be added to a Whitelists.txt file within a per-domain configuration? No, currently the whitelistfiles can only use domains or E-mail addresses. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Perl Script Spamheaders
why are you not putting quotes around the parts that are text, and why are you only escaping the @ sign and not the hyphen or the GT and LT signs? Good question. I copied part of it from someone else's source and didn't pay attention to that. What happens if you change the line, on a trial basis, to: Message-ID = '[EMAIL PROTECTED]', The problem is still there. The message header has: Message-Id: [EMAIL PROTECTED] X-RBL-Warning: SPAMHEADERS: This E-mail has headers consistent with spam [421e]. I even tried changing your example to something more inline with the auto-generated one where the date and time were at the beginning. John Olden - Systems Administrator Champaign Park District --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Whitelist.txt file
Ok thanks.. And to just re-verify something, if the whitelist.txt file is in the domain folder (per-domain config), the GLOBAL.CFG is skipped and the whitelist.txt file is used instead for whitelisting e-mail addresses. Or are they used in conjunction with each other? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of R. Scott Perry Sent: Wednesday, April 28, 2004 12:20 PM To: [EMAIL PROTECTED] Subject: Re: [Declude.JunkMail] Whitelist.txt file Can IP addresses in conjunction with e-mail addresses (or domain names) be added to a Whitelists.txt file within a per-domain configuration? No, currently the whitelistfiles can only use domains or E-mail addresses. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Whitelist.txt file
And to just re-verify something, if the whitelist.txt file is in the domain folder (per-domain config), the GLOBAL.CFG is skipped and the whitelist.txt file is used instead for whitelisting e-mail addresses. Or are they used in conjunction with each other? That's handled the same regardless of whether whitelistfiles are used or not. If there is per-user config file, it will be used. Otherwise, if a per-domain config file, that will be used. If neither are present, the \IMail\Declude\$default$.JunkMail file will be used if the E-mail is incoming, or the \IMail\Declude\global.cfg file will be used if the E-mail is outgoing. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] ALLRECIPS variable
Hi, Something just struck me. Wouldn't it be a good idea to have the individual addresses in the ALLRECIPS variable surrounded by angled brackets, if it is possible to do that? It only makes sense to use this variable with the CONTAINS filtertype, and by having such brackets we could easily choose between different types of matches (exact, begins with, ends with, partial match) for the individual filter entries. Or have I missed something completely? /Roger --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] ALLRECIPS variable
Something just struck me. Wouldn't it be a good idea to have the individual addresses in the ALLRECIPS variable surrounded by angled brackets, if it is possible to do that? It only makes sense to use this variable with the CONTAINS filtertype, and by having such brackets we could easily choose between different types of matches (exact, begins with, ends with, partial match) for the individual filter entries. Or have I missed something completely? That is a good idea; that will be changed for the next release. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Whitelist.txt file
Ooops.. Sorry about that.. I meant to say $default$.junkmail file.. Just trying to get a domain configured correct in a per-domain config with the whitelist.txt file (having problems and hearing about it from the client). So, if there is a whiltelistip entry in the $default$.junkmail file and the message originates from that IP, it's whitelisted (as it normally and should do). And if an e-mail comes from [EMAIL PROTECTED], that e-mail is first checked for the WHITELIST FROM in the GLOBAL.CFG file, if it's not there then it's checked again the WHITELIST.TXT file within the per-domain configuration. Is this correct? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of R. Scott Perry Sent: Wednesday, April 28, 2004 1:59 PM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] Whitelist.txt file And to just re-verify something, if the whitelist.txt file is in the domain folder (per-domain config), the GLOBAL.CFG is skipped and the whitelist.txt file is used instead for whitelisting e-mail addresses. Or are they used in conjunction with each other? That's handled the same regardless of whether whitelistfiles are used or not. If there is per-user config file, it will be used. Otherwise, if a per-domain config file, that will be used. If neither are present, the \IMail\Declude\$default$.JunkMail file will be used if the E-mail is incoming, or the \IMail\Declude\global.cfg file will be used if the E-mail is outgoing. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Perl Script Spamheaders
John Olden wrote: Any Perl savy people out there using the Mime::Lite module in any of their scripts figure out how to generate valid Message-IDs in mail sent from online forms? I'm trying to get our forms to pass the Spamheaders test and this is a sticking point. I cannot find any information online on implementation. The Cpan manuals just list message-id once and it's in a list of items. I've tried the following code but all I get is the automatically generated Imail message-id: === sub smtp_mail { MIME::Lite-send('smtp', mail.mydomain.com); $idnum = time(); $randnum = rand(); my $msg = MIME::Lite-new( From= $def_from, To = $def_to, Cc = $def_cc, Subject = $def_subject, Message-ID = [EMAIL PROTECTED], Type= 'multipart/related' ); $msg-attach( Type = 'text/html', Data = qq| $TG{'MessageBody'}| ); $msg-attach( Type = 'text', Path = $EmailTempFile, ); $msg-send or die (Error sending e-mail: $!); } === John Olden - Systems Administrator Champaign Park District Like Andrew Colbeck said, the right hand side of Message-ID is a bad value. If you don't use double-quotes around that, then perl would be evaluating that as a filehandle, and either spitting out errors ( if you have strict and warnings turned on ) or returning undef, which is why I'm assuming Imail is doing it for you. That's my best guess. HTH. Ryan --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Whitelist.txt file
Just trying to get a domain configured correct in a per-domain config with the whitelist.txt file (having problems and hearing about it from the client). Just so long as you have the WHITELISTFILE option in the correct config file, and the file exists and has the appropriate domain(s) and/or E-mail address(es) listed, it should work. Remember, though, that there are lots of possible E-mail addresses (From:, Sender:, X-Sender:, Reply-To:, etc.); the one from the X-Declude-Sender: header (or the MAIL FROM entry in the IMail SMTP log file) is the one to use. So, if there is a whiltelistip entry in the $default$.junkmail file and the message originates from that IP, it's whitelisted (as it normally and should do). I'm not sure what you mean? Are you referring to WHITELIST IP lines (which only work in the global.cfg file)? And if an e-mail comes from [EMAIL PROTECTED], that e-mail is first checked for the WHITELIST FROM in the GLOBAL.CFG file, if it's not there then it's checked again the WHITELIST.TXT file within the per-domain configuration. Correct (where from is the address in the X-Declude-Sender: header). -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] How accurate is spamcop
Is it safe to simply delete an email flagged with spamcop? We weight SpamCop pretty high, but don't delete on it alone. We hold on 10, delete on 30, and give SpamCop a 12. We were deleting on 20, but as we tune the weights we find we need to bump that up to ensure we didn't push the filters too high. Our goal is to delete on 20. Jeff --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] How accurate is spamcop
Is it safe to simply delete an email flagged with spamcop? We weight SpamCop pretty high, but don't delete on it alone. We hold on 10, delete on 30, and give SpamCop a 12. We were deleting on 20, but as we tune the weights we find we need to bump that up to ensure we didn't push the filters too high. Our goal is to delete on 20. Jeff --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] When does Declude re-read .junkmail files?
I have this weird problem. I've been trying to get WHITELISTFILE to work for days with no avail. I was pretty sure I had followed all the instructions, and still no results. So I left the settings in there, and gave up. Well, sparked by the Perl Script Spamheaders email and my finding of the BADHEADERS/SPMAHEADERS explainer ( http://www.declude.com/tools/header.php ), I decided to embark on making my PHP mailer compliant. When I sent the email, I checked the headers for the BADHEADERS code and there I saw it: Whitelisted[0]. *gasp* I had just recieved 2 emails that weren't whitelisted this morning.( spam actually.. ) As these were not the result I wanted at this time, I went ahead and removed myself from the whitelist file and resent the mail. Still whitelisted. So I deleted the whitelist file and removed the WHITELISTFILE thingie from $default$.junkmail and created a USER.junkmail in my per-domain folder. Still whitelisted. The only think that I can fathom the problem being is that Declude doesn't re-read my junkmail files until it reboots or something is restarted. Thanks for your time. Ryan --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] When does Declude re-read .junkmail files?
I have this weird problem. I've been trying to get WHITELISTFILE to work for days with no avail. I was pretty sure I had followed all the instructions, and still no results. So I left the settings in there, and gave up. Well, sparked by the Perl Script Spamheaders email and my finding of the BADHEADERS/SPMAHEADERS explainer ( http://www.declude.com/tools/header.php ), I decided to embark on making my PHP mailer compliant. When I sent the email, I checked the headers for the BADHEADERS code and there I saw it: Whitelisted[0]. *gasp* I had just recieved 2 emails that weren't whitelisted this morning.( spam actually.. ) As these were not the result I wanted at this time, I went ahead and removed myself from the whitelist file and resent the mail. Still whitelisted. So I deleted the whitelist file and removed the WHITELISTFILE thingie from $default$.junkmail and created a USER.junkmail in my per-domain folder. Still whitelisted. The only think that I can fathom the problem being is that Declude doesn't re-read my junkmail files until it reboots or something is restarted. Thanks for your time. Declude JunkMail detects changes to those files in real time. The log files are your friend here. If you check the log file, it should help explain what happened. If there isn't enough information in there, you can use LOGLEVEL HIGH instead of LOGLEVEL LOW in the \IMail\Declude\global.cfg file, which will record information such as which config file Declude JunkMail is using. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] High CPU usage
ipfile and fromfile Rick Hogue www.intent.net Web Hosting 1-800-866-2983 www.prosperity.com Featured web site -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of R. Scott Perry Sent: Wednesday, April 28, 2004 1:06 PM To: [EMAIL PROTECTED] Subject: Re: [Declude.JunkMail] High CPU usage We turned on the ipblacklist and domainblacklist and populated them from a couple of pretty good sources last Thursday and all of a sudden we were not getting anywhere close to the amount of spam, however some customers who use ColdFusion started not getting much of their email. Also our dual process or email server went from being used at about 35% to well over 90 and at certain times 100% sustained. causing backups on delivery of email. the IPblacklist is about 90k and the dmainblacklist is about 641k. We only have about 28000 incoming and 18000 outgoing emails per day. Any clues as to why this might be happening? It's happening because you've added a large amount to what Declude JunkMail has to do. A 90K IP blacklist is about 6,000 IPs, and a 641K domain blacklist is about 30,000 domains. That means that for every E-mail that comes in, Declude JunkMail has to compare the IP with 6,000 IP ranges and compare the return address with 30,000 different domains. That's going to take some time. I am surprised that it is using up so much CPU time. Are those IP blacklists and sender blacklists (ipfile and fromfile), or are those filters (if the domain blacklist is set up as a body filter, it would account for the very high CPU usage)? -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] Weird characters in email
Hi guys, Has anyone seen weird characters in an email like that: --- snip --- Your message Cc: Test User+ADs- Subject: May New Release Sleeves Sent:Wed, 28 Apr 2004 14:39:37 -0500 did not reach the following recipient(s): Subject: May New Release Sleeves Date: Wed, 28 Apr 2004 14:39:37 -0500 From: a x [EMAIL PROTECTED] +ACoAKgAqACoAKgAqACoAKgAqACoAKgAqACoAKgAqACoAKgAqACoAKgAqACoAKgAqACoAKgAqACoAKgAqACoAKgAqACoAKg- MAY NEW RELEASE SLEEVES +ACoAKgAqACoAKgAqACoAKgAqACoAKgAqACoAKgAqACoAKgAqACoAKgAqACoAKgAqACoAKgAqACoAKgAqACoAKgAqACoAKg- --- snip --- Any clue where they might come from? Netscape Messenger 4.8 has been used on IMail 7.15 with Declude 1.79i4. Thanks, Adrian --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] High CPU usage
ipfile and fromfile I just tested here, and a 600K fromfile caused about 50ms of CPU usage on a 2GHz CPU server. The 90K ipfile didn't show any noticeable CPU usage. Even on a 1GHz CPU with 100,000 E-mails/day, that would only account for about 10% of the CPU usage. I would recommend disabling both one at a time, to see if one of them specifically is causing the high CPU usage. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Weird characters in email
Has anyone seen weird characters in an email like that: Your message did not reach the following recipient(s): +ACoAKgAqACoAKgAqACoAKgAqACoAKgAqACoAKgAqACoAKgAqACoAKgAqACoAKgAqACoAKgAqACoAKgAqACoAKgAqACoAKg- MAY NEW RELEASE SLEEVES +ACoAKgAqACoAKgAqACoAKgAqACoAKgAqACoAKgAqACoAKgAqACoAKgAqACoAKgAqACoAKgAqACoAKgAqACoAKgAqACoAKg- That's a bounce message from the remote end. Those characters look a lot like some type of encoding (base64/uuencode/BinHex), but I think they are just random characters that are repeating (unless it is something very odd that is encoded). -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Weird characters in email
Can I send you the complete message (with headers) off list, to have a look at it? It's not the firs one I've seen and punching part of the string into Google returned some findings. I still have to dig through them, but maybe if you have a look at the complete message, you'll get a better understanding of what's going on. I think there are two basic possibilities here: [1] You sent an E-mail that bounced (in which case it might be interesting to know what those weird characters were for), or [2] That was a spam that bounced back to you (in which case it's just spam). -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] High CPU usage
Thanks I have disabled both and still have high CPU usage. I run inoculate as my virus protection as well but do not think it is really the problem. I viewed the processes and I am still seeing 40 to 60 simultaneous declude calls with the same number of inoculate calls. The machine is a dual 866 machine with a gig of ram. Ram usage is 256m of 1g total. I am also running diskkeeper 8.0 and the machine is Windows 2000 server with the latest service packs. Does that help in maybe figuring what the culprit might be? By the way this just started like last Thursday when I upgraded to 1.79 on Declude and added the ipfile and fromfile. Rick Hogue www.intent.net Web Hosting 1-800-866-2983 www.prosperity.com Featured web site -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of R. Scott Perry Sent: Wednesday, April 28, 2004 4:43 PM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] High CPU usage ipfile and fromfile I just tested here, and a 600K fromfile caused about 50ms of CPU usage on a 2GHz CPU server. The 90K ipfile didn't show any noticeable CPU usage. Even on a 1GHz CPU with 100,000 E-mails/day, that would only account for about 10% of the CPU usage. I would recommend disabling both one at a time, to see if one of them specifically is causing the high CPU usage. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Weird characters in email
Scott, Can I send you the complete message (with headers) off list, to have a look at it? It's not the firs one I've seen and punching part of the string into Google returned some findings. I still have to dig through them, but maybe if you have a look at the complete message, you'll get a better understanding of what's going on. Thanks Adrian R. Scott Perry wrote: Has anyone seen weird characters in an email like that: Your message did not reach the following recipient(s): +ACoAKgAqACoAKgAqACoAKgAqACoAKgAqACoAKgAqACoAKgAqACoAKgAqACoAKgAqACoAKgAqACoAKgAqACoAKgAqACoAKg- MAY NEW RELEASE SLEEVES +ACoAKgAqACoAKgAqACoAKgAqACoAKgAqACoAKgAqACoAKgAqACoAKgAqACoAKgAqACoAKgAqACoAKgAqACoAKgAqACoAKg- That's a bounce message from the remote end. Those characters look a lot like some type of encoding (base64/uuencode/BinHex), but I think they are just random characters that are repeating (unless it is something very odd that is encoded). -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail scanned for viruses by Declude Virus] -- Regards, Adrian Titei Director of IT Jumbo Entertainment Inc. p: 905-634-4244 x 232 f: 905-632-2964 e: [EMAIL PROTECTED] === Confidentiality Notice: This e-mail message and any attachment to same contains confidential information intended only for the person(s) to whom the said e-mail is intended to be sent. Any review, retransmission, dissemination or other use of or the taking of any action and reliance upon this information by persons or entities other than the intended recipient violates confidentiality and is prohibited. If you have received this e-mail message in error, please notify the sender immediately and delete the e-mail message from your computer. --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] High CPU usage
Thanks I have disabled both and still have high CPU usage. I run inoculate as my virus protection as well but do not think it is really the problem. In that case, you can go to the Task Manager, click on the Processes tab, and then click the CPU button. That will sort the processes by CPU usage, with the offender(s) at the top. I viewed the processes and I am still seeing 40 to 60 simultaneous declude calls with the same number of inoculate calls. Did you make any DNS changes (switching DNS servers in the IMail SMTP settings, for example)? That could cause the Declude.exe processes to stay in memory. Are viruses getting caught? If inoculate is not responding, the processes would stay in memory a long time (and viruses would not get caught). -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] High CPU usage
SMTP is the culprit here. I can shut down declude and the usage is still at 100%. No DNS changes have been made. Viruses are being caught at the rate of about 1100 every 3 hours. Is there any know issue on Imail that you know of on smtp. I am running version 8.05 Rick Hogue www.intent.net Web Hosting 1-800-866-2983 www.prosperity.com Featured web site -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of R. Scott Perry Sent: Wednesday, April 28, 2004 5:04 PM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] High CPU usage Thanks I have disabled both and still have high CPU usage. I run inoculate as my virus protection as well but do not think it is really the problem. In that case, you can go to the Task Manager, click on the Processes tab, and then click the CPU button. That will sort the processes by CPU usage, with the offender(s) at the top. I viewed the processes and I am still seeing 40 to 60 simultaneous declude calls with the same number of inoculate calls. Did you make any DNS changes (switching DNS servers in the IMail SMTP settings, for example)? That could cause the Declude.exe processes to stay in memory. Are viruses getting caught? If inoculate is not responding, the processes would stay in memory a long time (and viruses would not get caught). -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] High CPU usage
Is SMTP32.exe running at 100% or is it the total processor utilization? I'm not sure how you might "shut down Declude" unless you change the SMTP service to not call it and stop and restart it. Your previous message strongly suggested that your virus scanner isn't responding properly and that would be the first place to look. We're doing about 35,000 messages a day and Monday set a record for viruses which probably came in around 6,000. I would consider that volume of viruses to be out of the ordinary, but Netsky loves to send huge numbers of messages, with many going to invalid addresses that it parses from Message-ID's. You might try turning off the nobody alias if this is the case. Another strong suggestion would be to use F-Prot instead of Inoculate. My testing of various virus scanners with Declude showed F-Prot to be MUCH more efficient (the version that you pay for). That might solve your problem right there. F-Prot is cheap and it's the best command line scanner around when it comes to efficiency, hands down. With similar traffic on my server, and it being similar in size (a little more powerful), it would croak no doubt about it with a blacklist of 30,000 entries, in fact with a total of less than 5,000 lines of matches of various types, it couldn't manage if it wasn't for SKIPIFWEIGHT which defeats most of the filters about 70% of the time (not possible with ipfiles and fromfiles, though they are much leaner than body searches). Just throwing out a few ideas. Matt Rick Hogue wrote: SMTP is the culprit here. I can shut down declude and the usage is still at 100%. No DNS changes have been made. Viruses are being caught at the rate of about 1100 every 3 hours. Is there any know issue on Imail that you know of on smtp. I am running version 8.05 Rick Hogue www.intent.net Web Hosting 1-800-866-2983 www.prosperity.com Featured web site -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of R. Scott Perry Sent: Wednesday, April 28, 2004 5:04 PM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] High CPU usage Thanks I have disabled both and still have high CPU usage. I run inoculate as my virus protection as well but do not think it is really the problem. In that case, you can go to the Task Manager, click on the Processes tab, and then click the CPU button. That will sort the processes by CPU usage, with the offender(s) at the top. I viewed the processes and I am still seeing 40 to 60 simultaneous declude calls with the same number of inoculate calls. Did you make any DNS changes (switching DNS servers in the IMail SMTP settings, for example)? That could cause the Declude.exe processes to stay in memory. Are viruses getting caught? If inoculate is not responding, the processes would stay in memory a long time (and viruses would not get caught). -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. -- = MailPure custom filters for Declude JunkMail Pro. http://www.mailpure.com/software/ =
[Declude.JunkMail] SPAMDOMAINS Failure
Hello, Had a client forward me an e-mail that failed the SPAMDOMAIN test (along with a couple others). Below are the internet headers of the SPAMDOMAINs failure (I can post the full inet headers if desired): X-RBL-Warning: SPAMDOMAINS: Spamdomain 'att.net' found: Address of [EMAIL PROTECTED] sent from invalid emhmta02.cdpd.airdata.com. X-Declude-Sender: [EMAIL PROTECTED] [199.88.234.47] I have an entry of: att.net in our spamdomains.txt file. Now to add this entry to the spamdomains.txt file, I would make the following entry, correct? att.net .airdata.com --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] High CPU usage
If I turn off SMTP my processor utilization is around 3 percent. With SMTP turned on and Declude turned off SMTP is at 99% with Declude on it is 100% So I kind of doubt that it is Declude even with the large lists I am using. Thanks for the advice on F-Prot I will look into that as a possibility. I like Innoculate but it is a bear to configure. If it had not been for Scott I would really have been in a mess with it. I just checked the processors on that system and now I am running at between 20 and 45% rather than the 100 I have been for the past 4 days. I guess I am going to have to look through snoop to see what it possibly could be. Rick Hogue www.intent.net Web Hosting 1-800-866-2983 www.prosperity.com Featured web site From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of MattSent: Wednesday, April 28, 2004 7:22 PMTo: [EMAIL PROTECTED]Subject: Re: [Declude.JunkMail] High CPU usage Is SMTP32.exe running at 100% or is it the total processor utilization? I'm not sure how you might "shut down Declude" unless you change the SMTP service to not call it and stop and restart it. Your previous message strongly suggested that your virus scanner isn't responding properly and that would be the first place to look. We're doing about 35,000 messages a day and Monday set a record for viruses which probably came in around 6,000. I would consider that volume of viruses to be out of the ordinary, but Netsky loves to send huge numbers of messages, with many going to invalid addresses that it parses from Message-ID's. You might try turning off the nobody alias if this is the case. Another strong suggestion would be to use F-Prot instead of Inoculate. My testing of various virus scanners with Declude showed F-Prot to be MUCH more efficient (the version that you pay for). That might solve your problem right there. F-Prot is cheap and it's the best command line scanner around when it comes to efficiency, hands down.With similar traffic on my server, and it being similar in size (a little more powerful), it would croak no doubt about it with a blacklist of 30,000 entries, in fact with a total of less than 5,000 lines of matches of various types, it couldn't manage if it wasn't for SKIPIFWEIGHT which defeats most of the filters about 70% of the time (not possible with ipfiles and fromfiles, though they are much leaner than body searches).Just throwing out a few ideas.MattRick Hogue wrote: SMTP is the culprit here. I can shut down declude and the usage is still at 100%. No DNS changes have been made. Viruses are being caught at the rate of about 1100 every 3 hours. Is there any know issue on Imail that you know of on smtp. I am running version 8.05 Rick Hogue www.intent.net Web Hosting 1-800-866-2983 www.prosperity.com Featured web site -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of R. Scott Perry Sent: Wednesday, April 28, 2004 5:04 PM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] High CPU usage Thanks I have disabled both and still have high CPU usage. I run inoculate as my virus protection as well but do not think it is really the problem. In that case, you can go to the Task Manager, click on the Processes tab, and then click the CPU button. That will sort the processes by CPU usage, with the offender(s) at the top. I viewed the processes and I am still seeing 40 to 60 simultaneous declude calls with the same number of inoculate calls. Did you make any DNS changes (switching DNS servers in the IMail SMTP settings, for example)? That could cause the Declude.exe processes to stay in memory. Are viruses getting caught? If inoculate is not responding, the processes would stay in memory a long time (and viruses would not get caught). -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. -- = MailPure custom filters for Declude JunkMail Pro.
Re: [Declude.JunkMail] SPAMDOMAINS Failure
I'd be leary of a spamdomain att.net .airdata.com If you received e-mail from catt.net, it would fail the above line. I made up catt.net, but valid non-ATT domains ending in att.net may exist. perhaps mobile.att.net .airdata.com @att.net .att.net or .att.net.airdata.com @att.net .att.net [EMAIL PROTECTED] 4/28 7:22p Hello, Had a client forward me an e-mail that failed the SPAMDOMAIN test (along with a couple others). Below are the internet headers of the SPAMDOMAINs failure (I can post the full inet headers if desired): X-RBL-Warning: SPAMDOMAINS: Spamdomain 'att.net' found: Address of [EMAIL PROTECTED] sent from invalid emhmta02.cdpd.airdata.com. X-Declude-Sender: [EMAIL PROTECTED] [199.88.234.47] I have an entry of: att.net in our spamdomains.txt file. Now to add this entry to the spamdomains.txt file, I would make the following entry, correct? att.net .airdata.com --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.