date:20050727

RE: [Declude.JunkMail] How is declude working with smartermail?

2005-07-27 Thread Kevin Bilbee

Dave Beckstrom wrote
 How do you prevent 
 spammers from bypassing the gateway server since smartermail 
 doesn't support a mail port which is a send only port with 
 authorization?

Are you refering to a port like 587. SmarterMail does support it in its
current vesion.


What smartermail does not support is is authentication with declude.
Supposedly version 3 of smartermail will support authentication.


Kevin Bilbee


---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.JunkMail.  The archives can be found
at http://www.mail-archive.com.

RE: [Declude.JunkMail] How is declude working with smartermail?

2005-07-27 Thread Dave Beckstrom

 -Original Message-
 From: [EMAIL PROTECTED] [mailto:Declude.JunkMail-
 [EMAIL PROTECTED] On Behalf Of Kevin Bilbee
 Sent: Wednesday, July 27, 2005 2:14 AM
 To: Declude.JunkMail@declude.com
 Subject: RE: [Declude.JunkMail] How is declude working with smartermail?

 Dave Beckstrom wrote
  How do you prevent
  spammers from bypassing the gateway server since smartermail
  doesn't support a mail port which is a send only port with
  authorization?

 Are you refering to a port like 587. SmarterMail does support it in its
 current vesion.

 What smartermail does not support is is authentication with declude.
 Supposedly version 3 of smartermail will support authentication.

 Kevin Bilbee

Kevin,

Yes, I was referring to port 587.  I think you and I are saying the same
thing but I'll try to clarify for everyone reading this topic.

Smartermail does not support port 587 as a submission-only port as defined
by the RFCs.  

Smartermail supports defining a secondary SMTP port.  You could configure
smartermail to accept smtp connections on both port 25 and port 587.
Unfortunately, that doesn't solve anything because we need port 587 to be a
submission-only port and to require SMTP AUTH.  The latter is the only means
we would have to keep spammers from bypassing your front-end spam filtering
gateway server.  If they find that smartermail accepts smtp connections for
delivery on port 587 and that it doesn't require any kind of authorization
they will just dump their spam there and bypass the gateway server
altogether.

Smartertools has said they will consider changing it for version 3 but they
say that about everything and they also have no plans in the near future to
release version 3.  They are working on their stats software at the moment.

I personally have concluded that the only really practical way to spam
filter is with a spam filtering gateway up front in order to off-load as
much work as possible from the mail server.

I'm searching for solutions.  I've been using ASSP which runs as proxy but
we're getting a lot of false positives with it.

Declude Pro is too expensive even with the smartertools $100 discount we
receive.

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.JunkMail.  The archives can be found
at http://www.mail-archive.com.

Re: Re[2]: [Declude.JunkMail] OT: ldap (ldap2aliases)

2005-07-27 Thread System Administrator

on 7/26/05 1:34 PM, Sanford Whiteman wrote:

 .  .  .  so hopefully Sandy can tell me how to allow ldap2aliases to
 reference another port.
 
 When using the -s option to specify the LDAP server, append the port:
 
   -s 1.2.3.4:1389

Sandy,

That seems to work however I'm getting the size limit exceeded message even
though I have the sizelimit -1 line in the slapd.conf. There are
approximately 4000 addresses in the domain I'm working with now.

Just so you are aware, I have 4 imail mailservers. Two are mx gateways, two
are hosting servers. The pull of information by ldap2aliases on mx1 from
hosting1 is working fine.

This current problem occurs when trying to use ldap2aliases on mx1 for
information on hosting2 (hosting2 is using port 1389). Just for kicks I
tried to use ldap2aliases on mx2 for information on hosting2 and I got the
same size error.

Any ideas?

Thanks,
Greg



---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.JunkMail.  The archives can be found
at http://www.mail-archive.com.

Re: Re[2]: [Declude.JunkMail] OT: ldap (ldap2aliases)

2005-07-27 Thread System Administrator

on 7/27/05 7:23 AM, System Administrator wrote:

 This current problem occurs when trying to use ldap2aliases on mx1 for
 information on hosting2 (hosting2 is using port 1389).

Never mind. I rebooted hosting2 and now I don't get the size error on either
mx computer.

Thanks,
Greg

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.JunkMail.  The archives can be found
at http://www.mail-archive.com.

Re: [Declude.JunkMail] Savvis 64.14.0.0/16

2005-07-27 Thread Nick Hayer


Hello -

I am looking for some insight on these guys. I get quite a bit of what 
is best described as suspicious email from their networks - are they a 
legit or are they clever spammers?


Thanks!

-Nick




[EMAIL PROTECTED] wrote:


Yesterday I complained about the lack of participation on this list from
Declude.  Today alone there have been over a half a dozen posts.  This has
not gone unnoticed.

Keep up the good work!

Don

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.JunkMail.  The archives can be found
at http://www.mail-archive.com.


 


---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.JunkMail.  The archives can be found
at http://www.mail-archive.com.

RE: [Declude.JunkMail] Savvis 64.14.0.0/16

2005-07-27 Thread GlobalWeb.net Webmaster

Savvis themselves is a Tier1 backbone provider.   We use them for our
gateways to the Net;  They are an awesome company - the only provider we
have ever used that actually monitors their network.  We recently
re-arranged our data center to allow for additional racks to be installed,
powered off our router/firewall/csudsu rack for re-location (it was moved
within 5 minutes and powered back on), and within 5 monutes they were
calling us to check on our connectivity.

They take UCE activity very seriously.  An email or call to their NOC will
get this straightened out for you.



Sincerely,

Randy Armbrecht
Support Department
Global Web SolutionsR, Inc.
804-346-5300 x112
877-800-GLOBAL (4562) x112
http://globalweb.net

Richmond's Internet Source since 1996!
WEB HOSTING including EMAIL beginning at $29/month!
DSL Starting at $39.95/month!
Non-Profits - receive a 25% discount on most services!


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Nick Hayer
Sent: Wednesday, July 27, 2005 9:24 AM
To: Declude.JunkMail@declude.com
Subject: Re: [Declude.JunkMail] Savvis 64.14.0.0/16

Hello -

I am looking for some insight on these guys. I get quite a bit of what is
best described as suspicious email from their networks - are they a legit or
are they clever spammers?

Thanks!

-Nick




[EMAIL PROTECTED] wrote:

Yesterday I complained about the lack of participation on this list 
from Declude.  Today alone there have been over a half a dozen posts.  
This has not gone unnoticed.

Keep up the good work!

Don

---
This E-mail came from the Declude.JunkMail mailing list.  To 
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type 
unsubscribe Declude.JunkMail.  The archives can be found at 
http://www.mail-archive.com.


  

---
This E-mail came from the Declude.JunkMail mailing list.  To unsubscribe,
just send an E-mail to [EMAIL PROTECTED], and type unsubscribe
Declude.JunkMail.  The archives can be found at
http://www.mail-archive.com.

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.JunkMail.  The archives can be found
at http://www.mail-archive.com.

Re: [Declude.JunkMail] RBL's becoming worthless...

2005-07-27 Thread Scott Fisher


-Marcus:

Here's my invuribl config file...
I add points for being on various URI lists up to a max of 200.
Subject tag at 100, hold at 200, delete at 300:

?xml version=1.0 encoding=utf-8 ?
configuration
 appSettings

   !--License Key Required For invURIBL To Run--
   add key=License_Key value=mykey /

!--Enables the use of an exception file for domains that should be 
skipped--

   add key=Enable Exceptions File value=true /

   !--Path and Filename of the log file.  If left blank the log file will 
be generated in--
   !--the same directory as the executable.  If you have  listed in 
the file--

   !--name it will be replaced with MMDD (Month and Day).--
   add key=LogFile_Path value=invuribl-logfile.txt /

   !-- Options: NORMAL, HIGH, VERBOSE, NONE--
   add key=Log_Mode value=HIGH /

   !-- If the passed in weight exceeds this value, invURIBL will exit 
without --

   !-- running any of the configured tests --
   add key=SKIPWEIGHT value=500 /

   !-- If the accumulated weight exceeds the value listed below invURIBL 
will --

   !-- return the MAXWEIGHT value --
   add key=Enable_Max_Weight value=true /
   add key=MAXWEIGHT value=200 /

   !-- invURIBL will exit when the first domain in either the URI or RBL 
list. --
   !-- If the domain is listed in the URI list the associated RBL lists 
will be checked --

   !-- as well before the application will exit --
   add key=Stop_At_First_Match value=true /

   !--DNS Server Timeout: Number of seconds that invURIBL will wait for a 
response from the DNS Server (Beta 5)--

   add key=DNS_Server_Timeout value=2 /

   !-- This is the URIBL That The Domains Will Be Checked Against --
   add key=URIBL_List1 value=multi.surbl.org /

   !-- Will return the last octet as the weight.  If Custom Bitmask Values 
Are Enabled--

   !-- their values will take precedence over this setting --
   !-- add key=URIBL_Return_Result_As_Weight value=false / --

   !-- Weight added to the result code or custom bitmask total. --
   add key=URIBL_Weight_List1 value=0 /

   !--Allows you to override the normal values for bitmasks for a custom 
return weight--

   add key=Enable_Custom_Bitmask_Values_URIBL_List1 value=true /

   !--If using multi.surbl.org see http://www.surbl.org/lists.html#multi 
for which lists correspond --

   !--to which bitmask values --
   add key=URI_Bitmask_BitValue_1_Weight_URIBL_List1 value=0 /
   add key=URI_Bitmask_BitValue_2_Weight_URIBL_List1 value=100 /
   add key=URI_Bitmask_BitValue_4_Weight_URIBL_List1 value=50 /
   add key=URI_Bitmask_BitValue_8_Weight_URIBL_List1 value=100 /
   add key=URI_Bitmask_BitValue_16_Weight_URIBL_List1 value=100 /
   add key=URI_Bitmask_BitValue_32_Weight_URIBL_List1 value=100 /
   add key=URI_Bitmask_BitValue_64_Weight_URIBL_List1 value=50 /
   add key=URI_Bitmask_BitValue_128_Weight_URIBL_List1 value=0 /

   !--URI LIST 2--
   add key=URIBL_List2 value=xs.surbl.org /
   add key=URIBL_Weight_List2 value=50 /
   add key=Enable_Custom_Bitmask_Values_URIBL_List2 value=false /
   add key=URI_Bitmask_BitValue_1_Weight_URIBL_List2 value=0 /
   add key=URI_Bitmask_BitValue_2_Weight_URIBL_List2 value=0 /
   add key=URI_Bitmask_BitValue_4_Weight_URIBL_List2 value=0 /
   add key=URI_Bitmask_BitValue_8_Weight_URIBL_List2 value=0 /
   add key=URI_Bitmask_BitValue_16_Weight_URIBL_List2 value=0 /
   add key=URI_Bitmask_BitValue_32_Weight_URIBL_List2 value=0 /
   add key=URI_Bitmask_BitValue_64_Weight_URIBL_List2 value=0 /
   add key=URI_Bitmask_BitValue_128_Weight_URIBL_List2 value=0 /

   !--URI LIST 3--
   add key=URIBL_List3 value=multi.uribl.com /
   add key=URIBL_Weight_List3 value=0 /
   add key=Enable_Custom_Bitmask_Values_URIBL_List3 value=true /
   add key=URI_Bitmask_BitValue_1_Weight_URIBL_List3 value=0 /
   add key=URI_Bitmask_BitValue_2_Weight_URIBL_List3 value=50 /
   add key=URI_Bitmask_BitValue_4_Weight_URIBL_List3 value=0 /
   add key=URI_Bitmask_BitValue_8_Weight_URIBL_List3 value=0 /
   add key=URI_Bitmask_BitValue_16_Weight_URIBL_List3 value=0 /
   add key=URI_Bitmask_BitValue_32_Weight_URIBL_List3 value=0 /
   add key=URI_Bitmask_BitValue_64_Weight_URIBL_List3 value=0 /
   add key=URI_Bitmask_BitValue_128_Weight_URIBL_List3 value=0 /

   !--Enables the checking of the URI's name servers against an RBL. --
   !--If the name servers are listed in the RBL the defined weight 
will --
   !--be added.  You also have an option to skip looking up the 
nameservers --

   !--if the URI is already listed in one of the URI lists (Beta 5)--
   add key=Enable_URI_Name_Server_Check value=true /
   add key=Skip_Check_If_URI_Listed_In_URI_List value=false /
   add key=Name_Server_RBL value=sbl.spamhaus.org /
   add key=Name_Server_Weight value=75 /

   !-- If enabled URI's will be resolved to their A Records.--
   add key=ENABLE_URI_IP_LOOKUPS_IN_RBLS value=true /


   !--RBLx Specifies a RBL to lookup the resolved URI's A Record 
Against --
   !--WEIGHT_RBLx Specifies the weight that will be added if the IP 
Address

Re: [Declude.JunkMail] Savvis 64.14.0.0/16

2005-07-27 Thread Scott Fisher


Savvis is a legit provider, not a spam house.
That said they don't seem to be kicking off spammers too well.

I've got these blocks in my IPFILE:
64.14.33.0/24  64.14.33.0/24  inboxcircular2.com added 03-11-05 SBL22016
64.14.48.128/26  64.14.48.128/26  freelotto.com  updtd 04-16-05
64.14.6.112/30  64.14.6.112/30  creditmailings.com added 05-15-05

- Original Message - 
From: Nick Hayer [EMAIL PROTECTED]

To: Declude.JunkMail@declude.com
Sent: Wednesday, July 27, 2005 8:23 AM
Subject: Re: [Declude.JunkMail] Savvis 64.14.0.0/16



Hello -

I am looking for some insight on these guys. I get quite a bit of what is 
best described as suspicious email from their networks - are they a legit 
or are they clever spammers?


Thanks!

-Nick




[EMAIL PROTECTED] wrote:


Yesterday I complained about the lack of participation on this list from
Declude.  Today alone there have been over a half a dozen posts.  This has
not gone unnoticed.

Keep up the good work!

Don

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.JunkMail.  The archives can be found
at http://www.mail-archive.com.




---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.JunkMail.  The archives can be found
at http://www.mail-archive.com.



---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.JunkMail.  The archives can be found
at http://www.mail-archive.com.

Re: [Declude.JunkMail] RBL's becoming worthless...

2005-07-27 Thread Scott Fisher


One more comment...

The new Declude test
HELO-DYNAMIC  dynhelo  x x 50 0

works almost as well as the HELOISIP external test. And it is built in.


- Original Message - 
From: Markus Gufler [EMAIL PROTECTED]

To: Declude.JunkMail@declude.com
Sent: Tuesday, July 26, 2005 5:37 PM
Subject: RE: [Declude.JunkMail] RBL's becoming worthless...



Chuck,

Here some numbers from my side:

100k messages in the last 7 days
50.5% identified as legit, 49.5% as spam (viruses was filtered out before)

The best IP4R-based tests was
CBL (21%, 0.37%FP), SPAMCOP (21%, 0.47%FP) and XBL-DYNA (19%, 0.27%FP)
So they catch less then 50% of incoming spam without creating a 
significant

number of false positives.
FIVETEN-SRC was able to catch 24% of spam but has also had FP's on around 
6%

of all processed messages.

A text-filter combining the results of different IP4R-based tests has
reached a catch rate of 36%. I consider it the current maximum that can be
reached with IP4r-based tests by having a - let's say - moderate number of
false positives.

INV-URIBL instead can catch 37% of all messages as spam and I must say 
that
up to now I haven't had time to try improving the INV-URIBL configfile. 
(Any
suggestion is welcome!) It's also important that the number of FP's for 
this

test is near to zero.

SNIFFER was able to catch 47% of all spam messages but I must also say 
that

there was a significant number of false positives (5%). Most of them
generated by SNIFFER-GENERAL and SNIFFER-RICH.

SPAMCHK has had correct results on around 45% of all messages, but also 
had

around 7% of FP's

Other excelent tests was CMDSPACE (30%, 1%FP) and HELOISIP (13%, 0.17%FP)

Due to Decludes weighting system and the combination of all this tests I 
can
see between 10 and 20 spam messages each month in my inbox, by catching 
more

then 300 spams each day.

Markus




-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Chuck Schick
Sent: Tuesday, July 26, 2005 7:57 PM
To: Declude. JunkMail
Subject: [Declude.JunkMail] RBL's becoming worthless...

In the last several months we have seen large quantity of
spam coming from IP blocks that never seem to get listed on
any RBL.  Spamcop is about the only one that picks some of
them up and once in awhile spamhaus.  There was a block last
night that sent several hundred and sendbase.org showed they
had detected no email from that block.

The reason I bring this up is because when we first started
blocking spam I would say the blacklists would catch almost
90% so we relied heavily on the blacklist.  With the
blacklists not being as effective we need to rely on other
tests like sniffer but that misses alot also.

Chuck Schick
Warp 8, Inc.
(303)-421-5140
www.warp8.com

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.JunkMail.  The archives can be
found at http://www.mail-archive.com.



---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.JunkMail.  The archives can be found
at http://www.mail-archive.com.



---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.JunkMail.  The archives can be found
at http://www.mail-archive.com.

[Declude.JunkMail] Filter not triggering / CONTAINS issue

2005-07-27 Thread John Carter

Forum members:

I need to let you know I can not duplicate the so called CONTAINS problem
I ran into in earlier.  In other words the CONTAINS directive seems to be
working ok.  

David Barker requested I send sample emails, log entries, etc. for
evaluation. Not having any of the emails or Declude logs from May and the
fact the config files have been added to since then, I attempted to
replicate the situation with emails from outside my system and a new test
filter looking for embedded characters.  The test filter tagged each
incoming message.

Sorry if I caused undue concern. Regarding posting my comments yesterday, I
hate to sound defensive, but the last communication from Declude in June was
a we are still looking into it.  I had since gone to 2.0.6.16 and added
Sniffer and a couple filters some you have made available.  Basically I
assumed (1) the fix had gotten caught up in the changes and testing they
announced and (2) I had covered up my problem with these changes and that it
still existed.

John

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.JunkMail.  The archives can be found
at http://www.mail-archive.com.

RE: [Declude.JunkMail] Savvis 64.14.0.0/16

2005-07-27 Thread Erik

We took block some IP's from Savvis:

64.41.183.130 Savvis
64.241.72.0/24 SAVVIS Communications Corporation
64.28.76.0/24 Savvis


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Scott Fisher
Sent: Wednesday, July 27, 2005 3:49 PM
To: Declude.JunkMail@declude.com
Subject: Re: [Declude.JunkMail] Savvis 64.14.0.0/16


Savvis is a legit provider, not a spam house.
That said they don't seem to be kicking off spammers too well.

I've got these blocks in my IPFILE:
64.14.33.0/24  64.14.33.0/24  inboxcircular2.com added 03-11-05 SBL22016
64.14.48.128/26  64.14.48.128/26  freelotto.com  updtd 04-16-05
64.14.6.112/30  64.14.6.112/30  creditmailings.com added 05-15-05

- Original Message - 
From: Nick Hayer [EMAIL PROTECTED]
To: Declude.JunkMail@declude.com
Sent: Wednesday, July 27, 2005 8:23 AM
Subject: Re: [Declude.JunkMail] Savvis 64.14.0.0/16


 Hello -

 I am looking for some insight on these guys. I get quite a bit of what 
 is
 best described as suspicious email from their networks - are they a legit 
 or are they clever spammers?

 Thanks!

 -Nick




 [EMAIL PROTECTED] wrote:

Yesterday I complained about the lack of participation on this list 
from Declude.  Today alone there have been over a half a dozen posts.  
This has not gone unnoticed.

Keep up the good work!

Don

---
This E-mail came from the Declude.JunkMail mailing list.  To 
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type 
unsubscribe Declude.JunkMail.  The archives can be found at 
http://www.mail-archive.com.



 ---
 This E-mail came from the Declude.JunkMail mailing list.  To 
 unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type 
 unsubscribe Declude.JunkMail.  The archives can be found at 
 http://www.mail-archive.com.
 

---
This E-mail came from the Declude.JunkMail mailing list.  To unsubscribe,
just send an E-mail to [EMAIL PROTECTED], and type unsubscribe
Declude.JunkMail.  The archives can be found at
http://www.mail-archive.com.

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.JunkMail.  The archives can be found
at http://www.mail-archive.com.

Re[2]: [Declude.JunkMail] RBL's becoming worthless...

2005-07-27 Thread David Sullivan


SF The new Declude test
SF HELO-DYNAMIC  dynhelo  x x 50 0

Any issues with this test if Declude is behind a Postfix gateway with
HOP set to 1?

-- 
Best regards,
 Davidmailto:[EMAIL PROTECTED]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.JunkMail.  The archives can be found
at http://www.mail-archive.com.

RE: [Declude.JunkMail] RBL's becoming worthless...

2005-07-27 Thread Keith Johnson

Scott,
What type of speed are you getting from using the invuribl?  We
take in/out well over 70K emails per day on each server, 1 of them takes
in/out 150K.  As I understand it, it is very CPU intensive.  Thanks for
the aid.

Keith 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Scott Fisher
Sent: Wednesday, July 27, 2005 9:45 AM
To: Declude.JunkMail@declude.com
Subject: Re: [Declude.JunkMail] RBL's becoming worthless...

-Marcus:

Here's my invuribl config file...
I add points for being on various URI lists up to a max of 200.
Subject tag at 100, hold at 200, delete at 300:

?xml version=1.0 encoding=utf-8 ?
configuration
  appSettings

!--License Key Required For invURIBL To Run--
add key=License_Key value=mykey /

 !--Enables the use of an exception file for domains that should be 
skipped--
add key=Enable Exceptions File value=true /

!--Path and Filename of the log file.  If left blank the log file
will be generated in--
!--the same directory as the executable.  If you have  listed
in the file--
!--name it will be replaced with MMDD (Month and Day).--
add key=LogFile_Path value=invuribl-logfile.txt /

!-- Options: NORMAL, HIGH, VERBOSE, NONE--
add key=Log_Mode value=HIGH /

!-- If the passed in weight exceeds this value, invURIBL will exit
without --
!-- running any of the configured tests --
add key=SKIPWEIGHT value=500 /

!-- If the accumulated weight exceeds the value listed below
invURIBL will --
!-- return the MAXWEIGHT value --
add key=Enable_Max_Weight value=true /
add key=MAXWEIGHT value=200 /

!-- invURIBL will exit when the first domain in either the URI or
RBL list. --
!-- If the domain is listed in the URI list the associated RBL
lists will be checked --
!-- as well before the application will exit --
add key=Stop_At_First_Match value=true /

!--DNS Server Timeout: Number of seconds that invURIBL will wait
for a response from the DNS Server (Beta 5)--
add key=DNS_Server_Timeout value=2 /

!-- This is the URIBL That The Domains Will Be Checked Against --
add key=URIBL_List1 value=multi.surbl.org /

!-- Will return the last octet as the weight.  If Custom Bitmask
Values Are Enabled--
!-- their values will take precedence over this setting --
!-- add key=URIBL_Return_Result_As_Weight value=false / --

!-- Weight added to the result code or custom bitmask total. --
add key=URIBL_Weight_List1 value=0 /

!--Allows you to override the normal values for bitmasks for a
custom return weight--
add key=Enable_Custom_Bitmask_Values_URIBL_List1 value=true /

!--If using multi.surbl.org see
http://www.surbl.org/lists.html#multi
for which lists correspond --
!--to which bitmask values --
add key=URI_Bitmask_BitValue_1_Weight_URIBL_List1 value=0 /
add key=URI_Bitmask_BitValue_2_Weight_URIBL_List1 value=100 /
add key=URI_Bitmask_BitValue_4_Weight_URIBL_List1 value=50 /
add key=URI_Bitmask_BitValue_8_Weight_URIBL_List1 value=100 /
add key=URI_Bitmask_BitValue_16_Weight_URIBL_List1 value=100 /
add key=URI_Bitmask_BitValue_32_Weight_URIBL_List1 value=100 /
add key=URI_Bitmask_BitValue_64_Weight_URIBL_List1 value=50 /
add key=URI_Bitmask_BitValue_128_Weight_URIBL_List1 value=0 /

!--URI LIST 2--
add key=URIBL_List2 value=xs.surbl.org /
add key=URIBL_Weight_List2 value=50 /
add key=Enable_Custom_Bitmask_Values_URIBL_List2 value=false /
add key=URI_Bitmask_BitValue_1_Weight_URIBL_List2 value=0 /
add key=URI_Bitmask_BitValue_2_Weight_URIBL_List2 value=0 /
add key=URI_Bitmask_BitValue_4_Weight_URIBL_List2 value=0 /
add key=URI_Bitmask_BitValue_8_Weight_URIBL_List2 value=0 /
add key=URI_Bitmask_BitValue_16_Weight_URIBL_List2 value=0 /
add key=URI_Bitmask_BitValue_32_Weight_URIBL_List2 value=0 /
add key=URI_Bitmask_BitValue_64_Weight_URIBL_List2 value=0 /
add key=URI_Bitmask_BitValue_128_Weight_URIBL_List2 value=0 /

!--URI LIST 3--
add key=URIBL_List3 value=multi.uribl.com /
add key=URIBL_Weight_List3 value=0 /
add key=Enable_Custom_Bitmask_Values_URIBL_List3 value=true /
add key=URI_Bitmask_BitValue_1_Weight_URIBL_List3 value=0 /
add key=URI_Bitmask_BitValue_2_Weight_URIBL_List3 value=50 /
add key=URI_Bitmask_BitValue_4_Weight_URIBL_List3 value=0 /
add key=URI_Bitmask_BitValue_8_Weight_URIBL_List3 value=0 /
add key=URI_Bitmask_BitValue_16_Weight_URIBL_List3 value=0 /
add key=URI_Bitmask_BitValue_32_Weight_URIBL_List3 value=0 /
add key=URI_Bitmask_BitValue_64_Weight_URIBL_List3 value=0 /
add key=URI_Bitmask_BitValue_128_Weight_URIBL_List3 value=0 /

!--Enables the checking of the URI's name servers against an RBL.
--
!--If the name servers are listed in the RBL the defined weight
will --
!--be added.  You also have an option to skip looking up the
nameservers --
!--if the URI is

Re[4]: [Declude.JunkMail] OT: ldap (ldap2aliases)

2005-07-27 Thread Sanford Whiteman

 Never  mind.  I rebooted hosting2 and now I don't get the size error
 on either mx computer.

Yep, requires a slapd restart when you change the .conf.

--Sandy




Sanford Whiteman, Chief Technologist
Broadleaf Systems, a division of
Cypress Integrated Systems, Inc.
e-mail: [EMAIL PROTECTED]

SpamAssassin plugs into Declude!
  http://www.imprimia.com/products/software/freeutils/SPAMC32/download/release/

Defuse Dictionary Attacks: Turn Exchange or IMail mailboxes into IMail Aliases!
  
http://www.imprimia.com/products/software/freeutils/exchange2aliases/download/release/
  
http://www.imprimia.com/products/software/freeutils/ldap2aliases/download/release/

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.JunkMail.  The archives can be found
at http://www.mail-archive.com.

Re: Re[2]: [Declude.JunkMail] RBL's becoming worthless...

2005-07-27 Thread Scott Fisher


That's a question for Declude.
Throw the test in with no weight and a WARN action and see what happens is 
what I would do.
- Original Message - 
From: David Sullivan [EMAIL PROTECTED]

To: Declude.JunkMail@declude.com
Sent: Wednesday, July 27, 2005 9:09 AM
Subject: Re[2]: [Declude.JunkMail] RBL's becoming worthless...




SF The new Declude test
SF HELO-DYNAMIC  dynhelo  x x 50 0

Any issues with this test if Declude is behind a Postfix gateway with
HOP set to 1?

--
Best regards,
Davidmailto:[EMAIL PROTECTED]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.JunkMail.  The archives can be found
at http://www.mail-archive.com.



---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.JunkMail.  The archives can be found
at http://www.mail-archive.com.

Re: [Declude.JunkMail] RBL's becoming worthless...

2005-07-27 Thread Scott Fisher


Darrell would be a better answerer of this question:

Speed is directly dependent on the number of URIs in the email.
The runtime for most of my messages is about 1 to 2 seconds.
It tends to run longer on some ham messages with lots of links.

The SKIPWEIGHT and MAXWEIGHT options can help cut down on the scanning. A 
lot of blatant spam for me gets bypassed by invuribl with the SKIPWEIGHT.
You can also cut out on processing with the senderipwhitelist file which 
will skip scanning from the IPs/CIDRs listed.


- Original Message - 
From: Keith Johnson [EMAIL PROTECTED]

To: Declude.JunkMail@declude.com
Sent: Wednesday, July 27, 2005 10:16 AM
Subject: RE: [Declude.JunkMail] RBL's becoming worthless...


Scott,
What type of speed are you getting from using the invuribl?  We
take in/out well over 70K emails per day on each server, 1 of them takes
in/out 150K.  As I understand it, it is very CPU intensive.  Thanks for
the aid.

Keith

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Scott Fisher
Sent: Wednesday, July 27, 2005 9:45 AM
To: Declude.JunkMail@declude.com
Subject: Re: [Declude.JunkMail] RBL's becoming worthless...

-Marcus:

Here's my invuribl config file...
I add points for being on various URI lists up to a max of 200.
Subject tag at 100, hold at 200, delete at 300:

?xml version=1.0 encoding=utf-8 ?
configuration
 appSettings

   !--License Key Required For invURIBL To Run--
   add key=License_Key value=mykey /

!--Enables the use of an exception file for domains that should be
skipped--
   add key=Enable Exceptions File value=true /

   !--Path and Filename of the log file.  If left blank the log file
will be generated in--
   !--the same directory as the executable.  If you have  listed
in the file--
   !--name it will be replaced with MMDD (Month and Day).--
   add key=LogFile_Path value=invuribl-logfile.txt /

   !-- Options: NORMAL, HIGH, VERBOSE, NONE--
   add key=Log_Mode value=HIGH /

   !-- If the passed in weight exceeds this value, invURIBL will exit
without --
   !-- running any of the configured tests --
   add key=SKIPWEIGHT value=500 /

   !-- If the accumulated weight exceeds the value listed below
invURIBL will --
   !-- return the MAXWEIGHT value --
   add key=Enable_Max_Weight value=true /
   add key=MAXWEIGHT value=200 /

   !-- invURIBL will exit when the first domain in either the URI or
RBL list. --
   !-- If the domain is listed in the URI list the associated RBL
lists will be checked --
   !-- as well before the application will exit --
   add key=Stop_At_First_Match value=true /

   !--DNS Server Timeout: Number of seconds that invURIBL will wait
for a response from the DNS Server (Beta 5)--
   add key=DNS_Server_Timeout value=2 /

   !-- This is the URIBL That The Domains Will Be Checked Against --
   add key=URIBL_List1 value=multi.surbl.org /

   !-- Will return the last octet as the weight.  If Custom Bitmask
Values Are Enabled--
   !-- their values will take precedence over this setting --
   !-- add key=URIBL_Return_Result_As_Weight value=false / --

   !-- Weight added to the result code or custom bitmask total. --
   add key=URIBL_Weight_List1 value=0 /

   !--Allows you to override the normal values for bitmasks for a
custom return weight--
   add key=Enable_Custom_Bitmask_Values_URIBL_List1 value=true /

   !--If using multi.surbl.org see
http://www.surbl.org/lists.html#multi
for which lists correspond --
   !--to which bitmask values --
   add key=URI_Bitmask_BitValue_1_Weight_URIBL_List1 value=0 /
   add key=URI_Bitmask_BitValue_2_Weight_URIBL_List1 value=100 /
   add key=URI_Bitmask_BitValue_4_Weight_URIBL_List1 value=50 /
   add key=URI_Bitmask_BitValue_8_Weight_URIBL_List1 value=100 /
   add key=URI_Bitmask_BitValue_16_Weight_URIBL_List1 value=100 /
   add key=URI_Bitmask_BitValue_32_Weight_URIBL_List1 value=100 /
   add key=URI_Bitmask_BitValue_64_Weight_URIBL_List1 value=50 /
   add key=URI_Bitmask_BitValue_128_Weight_URIBL_List1 value=0 /

   !--URI LIST 2--
   add key=URIBL_List2 value=xs.surbl.org /
   add key=URIBL_Weight_List2 value=50 /
   add key=Enable_Custom_Bitmask_Values_URIBL_List2 value=false /
   add key=URI_Bitmask_BitValue_1_Weight_URIBL_List2 value=0 /
   add key=URI_Bitmask_BitValue_2_Weight_URIBL_List2 value=0 /
   add key=URI_Bitmask_BitValue_4_Weight_URIBL_List2 value=0 /
   add key=URI_Bitmask_BitValue_8_Weight_URIBL_List2 value=0 /
   add key=URI_Bitmask_BitValue_16_Weight_URIBL_List2 value=0 /
   add key=URI_Bitmask_BitValue_32_Weight_URIBL_List2 value=0 /
   add key=URI_Bitmask_BitValue_64_Weight_URIBL_List2 value=0 /
   add key=URI_Bitmask_BitValue_128_Weight_URIBL_List2 value=0 /

   !--URI LIST 3--
   add key=URIBL_List3 value=multi.uribl.com /
   add key=URIBL_Weight_List3 value=0 /
   add key=Enable_Custom_Bitmask_Values_URIBL_List3 value=true /
   add key=URI_Bitmask_BitValue_1_Weight_URIBL_List3 value=0 /
   add key=URI_Bitmask_BitValue_2_Weight_URIBL_List3 value=50

RE: Re[2]: [Declude.JunkMail] RBL's becoming worthless...

2005-07-27 Thread David Barker

Hi David,

If possible you should use the IPBYPASS rather than the HOP

David B
www.declude.com 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Scott Fisher
Sent: Wednesday, July 27, 2005 12:27 PM
To: Declude.JunkMail@declude.com
Subject: Re: Re[2]: [Declude.JunkMail] RBL's becoming worthless...

That's a question for Declude.
Throw the test in with no weight and a WARN action and see what happens is
what I would do.
- Original Message -
From: David Sullivan [EMAIL PROTECTED]
To: Declude.JunkMail@declude.com
Sent: Wednesday, July 27, 2005 9:09 AM
Subject: Re[2]: [Declude.JunkMail] RBL's becoming worthless...



 SF The new Declude test
 SF HELO-DYNAMIC  dynhelo  x x 50 0

 Any issues with this test if Declude is behind a Postfix gateway with 
 HOP set to 1?

 --
 Best regards,
 Davidmailto:[EMAIL PROTECTED]

 ---
 This E-mail came from the Declude.JunkMail mailing list.  To 
 unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type 
 unsubscribe Declude.JunkMail.  The archives can be found at 
 http://www.mail-archive.com.
 

---
This E-mail came from the Declude.JunkMail mailing list.  To unsubscribe,
just send an E-mail to [EMAIL PROTECTED], and type unsubscribe
Declude.JunkMail.  The archives can be found at
http://www.mail-archive.com.

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.JunkMail.  The archives can be found
at http://www.mail-archive.com.

Re[4]: [Declude.JunkMail] RBL's becoming worthless...

2005-07-27 Thread David Sullivan



DB If possible you should use the IPBYPASS rather than the HOP

Any particular reason? ALL mail passes through the PF gateways first.
Imail/Declude can't be touched from any outside network. The only port
25 allowed into their LAN segment is from the segment that the PF
gateways are on.

-- 
Best regards,
 Davidmailto:[EMAIL PROTECTED]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.JunkMail.  The archives can be found
at http://www.mail-archive.com.

Re: [Declude.JunkMail] RBL's becoming worthless...

2005-07-27 Thread Darrell \([EMAIL PROTECTED])

On my system I process about 120K messages a day.  The system is a dual xeon 
2.8ghz 1GB of ram.  The servers CPU usage throughout the day ranges from 30% 
- 70%.  Their are spikes at 100% but they are short lived and correlated to 
a rush of incoming mail.  The average scan time a message takes going 
through invURIBL on my system averages around 1 sec. 

I would agree that invURIBL uses a bit of CPU - a lot of it resides from 
having to decode the message from its format (base64, quoted printable, 
etc).  From my testing across various systems it can add about 10-15% extra 
CPU.  This will vary per system depending on hardware and existing load on 
your server. 

I make extensive use of SKIPWEIGHT, MAXWEIGHT, and the exception files and 
this pays off with lowering run time and CPU. 


Hope this helps.
Darrell 




Scott Fisher writes: 

Darrell would be a better answerer of this question: 


Speed is directly dependent on the number of URIs in the email.
The runtime for most of my messages is about 1 to 2 seconds.
It tends to run longer on some ham messages with lots of links. 

The SKIPWEIGHT and MAXWEIGHT options can help cut down on the scanning. A 
lot of blatant spam for me gets bypassed by invuribl with the SKIPWEIGHT.
You can also cut out on processing with the senderipwhitelist file which 
will skip scanning from the IPs/CIDRs listed. 

- Original Message - From: Keith Johnson 
[EMAIL PROTECTED]

To: Declude.JunkMail@declude.com
Sent: Wednesday, July 27, 2005 10:16 AM
Subject: RE: [Declude.JunkMail] RBL's becoming worthless... 



Scott,
What type of speed are you getting from using the invuribl?  We
take in/out well over 70K emails per day on each server, 1 of them takes
in/out 150K.  As I understand it, it is very CPU intensive.  Thanks for
the aid. 

Keith 


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Scott Fisher
Sent: Wednesday, July 27, 2005 9:45 AM
To: Declude.JunkMail@declude.com
Subject: Re: [Declude.JunkMail] RBL's becoming worthless... 

-Marcus: 


Here's my invuribl config file...
I add points for being on various URI lists up to a max of 200.
Subject tag at 100, hold at 200, delete at 300: 


?xml version=1.0 encoding=utf-8 ?
configuration
 appSettings 


   !--License Key Required For invURIBL To Run--
   add key=License_Key value=mykey / 


!--Enables the use of an exception file for domains that should be
skipped--
   add key=Enable Exceptions File value=true / 


   !--Path and Filename of the log file.  If left blank the log file
will be generated in--
   !--the same directory as the executable.  If you have  listed
in the file--
   !--name it will be replaced with MMDD (Month and Day).--
   add key=LogFile_Path value=invuribl-logfile.txt / 


   !-- Options: NORMAL, HIGH, VERBOSE, NONE--
   add key=Log_Mode value=HIGH / 


   !-- If the passed in weight exceeds this value, invURIBL will exit
without --
   !-- running any of the configured tests --
   add key=SKIPWEIGHT value=500 / 


   !-- If the accumulated weight exceeds the value listed below
invURIBL will --
   !-- return the MAXWEIGHT value --
   add key=Enable_Max_Weight value=true /
   add key=MAXWEIGHT value=200 / 


   !-- invURIBL will exit when the first domain in either the URI or
RBL list. --
   !-- If the domain is listed in the URI list the associated RBL
lists will be checked --
   !-- as well before the application will exit --
   add key=Stop_At_First_Match value=true / 


   !--DNS Server Timeout: Number of seconds that invURIBL will wait
for a response from the DNS Server (Beta 5)--
   add key=DNS_Server_Timeout value=2 / 


   !-- This is the URIBL That The Domains Will Be Checked Against --
   add key=URIBL_List1 value=multi.surbl.org / 


   !-- Will return the last octet as the weight.  If Custom Bitmask
Values Are Enabled--
   !-- their values will take precedence over this setting --
   !-- add key=URIBL_Return_Result_As_Weight value=false / -- 


   !-- Weight added to the result code or custom bitmask total. --
   add key=URIBL_Weight_List1 value=0 / 


   !--Allows you to override the normal values for bitmasks for a
custom return weight--
   add key=Enable_Custom_Bitmask_Values_URIBL_List1 value=true / 


   !--If using multi.surbl.org see
http://www.surbl.org/lists.html#multi
for which lists correspond --
   !--to which bitmask values --
   add key=URI_Bitmask_BitValue_1_Weight_URIBL_List1 value=0 /
   add key=URI_Bitmask_BitValue_2_Weight_URIBL_List1 value=100 /
   add key=URI_Bitmask_BitValue_4_Weight_URIBL_List1 value=50 /
   add key=URI_Bitmask_BitValue_8_Weight_URIBL_List1 value=100 /
   add key=URI_Bitmask_BitValue_16_Weight_URIBL_List1 value=100 /
   add key=URI_Bitmask_BitValue_32_Weight_URIBL_List1 value=100 /
   add key=URI_Bitmask_BitValue_64_Weight_URIBL_List1 value=50 /
   add key=URI_Bitmask_BitValue_128_Weight_URIBL_List1 value=0 / 


   !--URI LIST 2--
   add key=URIBL_List2 value=xs.surbl.org /
   add

RE: Re[4]: [Declude.JunkMail] RBL's becoming worthless...

2005-07-27 Thread David Barker

David,

Either configuration in your case should work. However from Scott's Perry
comments regarding the HOP and IPBYPASS.

Normally, you will leave the HOP setting at HOP 0, and use an IPBYPASS
line for each gateway or backup mail server.
6.2 Skipping your backup mail server or gateways

Just thought I would mention it. As it was suggested to test HELO-DYNAMIC
using the WARN action.

David B
www.declude.com

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of David Sullivan
Sent: Wednesday, July 27, 2005 1:45 PM
To: David Barker
Subject: Re[4]: [Declude.JunkMail] RBL's becoming worthless...



DB If possible you should use the IPBYPASS rather than the HOP

Any particular reason? ALL mail passes through the PF gateways first.
Imail/Declude can't be touched from any outside network. The only port
25 allowed into their LAN segment is from the segment that the PF gateways
are on.

--
Best regards,
 Davidmailto:[EMAIL PROTECTED]

---
This E-mail came from the Declude.JunkMail mailing list.  To unsubscribe,
just send an E-mail to [EMAIL PROTECTED], and type unsubscribe
Declude.JunkMail.  The archives can be found at
http://www.mail-archive.com.

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.JunkMail.  The archives can be found
at http://www.mail-archive.com.

Re: [Declude.JunkMail] RBL's becoming worthless...

2005-07-27 Thread Scott Fisher

I was just checking some of my results on the RBL's and the spammers are 
defintely getting smarter.


When I started using Declude in Feb 2004, Spamcop hit on 83% of all the spam 
messages.

For June 2005, Spamcop hit on 48% of all spam messages.

Fiveten Spam dropped from 62% to 41% in the same time frame.

Two (newer) RBL's that seem to work:

1. uceprotect is nice because of it's accuracy:
dnsbl-1.uceprotect.netlists single IP addresses.99.9% accurate here 32 
to 35% of the total spam tagged.
dnsbl-2.uceprotect.netlists /24 subnets 99.8% accurate here. 33 to 38% 
of the total spam tagged.


An IP address could be on both lists causing double-scoring. I use a filter 
to prevent that myself.


2. mxrate has a higher number of total hits, but woth less accuracy.
pub.mxrate.net98.9% accurate here.  59 to 62% of the total spam tagged.

3. If you are feeling advanced...
I've posted a program that take the ASSP Greylist and turns it into a ip4r 
DNS that you can test against. You'll need some DNS knowledge as you'll need 
to run this on your DNS Server.
Using this DNS, I find that ASSP score of .99 tagsabout 13% of the total 
spams at a 99.9% accuracy.
An ASSP score of .91 to .98 tags about 43% of the total spams at a 99.3% 
accuracy.








---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.JunkMail.  The archives can be found
at http://www.mail-archive.com.

Re: [Declude.JunkMail] Whitelisting

2005-07-27 Thread Richard Farris




So whitelisting the recipient is always a last 
resort? Better to find out where they are not getting their mail and 
whitelist that or find out why they are not getting their expected 
mail..?
Richard FarrisEthixs Online1.270.247. 
Office1.800.548.3877 Tech Support"Crossroads to a Cleaner 
Internet"

  - Original Message - 
  From: 
  David 
  Franco-Rocha [ Declude ] 
  To: Declude.JunkMail@declude.com 
  
  Sent: Tuesday, July 26, 2005 8:59 
AM
  Subject: Re: [Declude.JunkMail] 
  Whitelisting
  
  Richard,
  
  The problem here is, first of all, that Declude 
  does not look at the cc: or bcc: in the headers. It deals with recipients of 
  the email solely on the basis of what is in the message envelope (q*.smd 
  file), which is discarded by IMail after processing; all you eventually see is 
  the contents of the message itself (the d*.smd file).
  
  Whitelisting ensures that the email will pass all 
  tests. Under optimal circumstances, if an email source or destination is 
  whitelisted, all tests should be skipped. If there are two recipients and only 
  one were whitelisted, the headers of te email would have to indicate a 
  whitelisted weight of 0 for one recipient and the actual weight for the other 
  (non-whitelisted) recipient. That would necessitate two different sets of 
  headers, which would require two separate message files and therefore two 
  separate envelopes: If the non-whitelisted weight exceeded the HOLD threshold, 
  one copy of the email would be placed into the HOLD folder with the envelope 
  modified for that single recipient; the other would be whitelisted and the 
  held recipient would be deleted from that envelope. In other words, Declude 
  would have to generate multiple emails from a single email, which is not 
  practical. How would Declude assign a new queue number to the duplicate email? 
  If one recipient were whitelisted and the other had a weight of 5 (to be 
  delivered), there would be different sets of headers and therefore different 
  emails. They could not both have the same queue number because they could no 
  be placed into the spool at the same time (one would overwrite the 
  other).
  
  The email server generates a separate copy of the 
  email for each recipient after processing by Declude. However, there is no 
  practical way for Declude to create multiple emails from a single 
  message.
  
  David Franco-Rocha
  Declude Technical Support
  
  
  
- Original Message - 
From: 
Richard 
Farris 
To: Declude.JunkMail@declude.com 

Sent: Monday, July 25, 2005 4:24 
PM
Subject: [Declude.JunkMail] 
Whitelisting

I just took out all the email addresses I had 
whitelisted in my Global file last week because I thought this would 
helpstop more spam getting thruand of course folks are now 
emailing me saying they are missing mail..newsletters and 
such...

My question is "Why is it not possible with 
Declude to whitelist an email address and it only applies to that email 
address and not any others that might be in CC or BCC"?
Richard FarrisEthixs Online1.270.247. 
Office1.800.548.3877 Tech Support"Crossroads to a Cleaner 
Internet"

  - Original Message - 
  From: 
  Matt 
  
  To: Declude.JunkMail@declude.com 
  
  Sent: Monday, July 25, 2005 1:47 
  PM
  Subject: Re: [Declude.JunkMail] 
  Filter not triggering
  Kevin,Just a thought if you wanted to confirm this 
  as a bug, maybe try a filter for this same message, but match a full word 
  to see if it triggers. I did decode this segment and there is no 
  additional encoding or other tricks that would cause a filter to not 
  hit.IMO, knowing about bugs like this would be very helpful at 
  times, especially considering the time that it would take each one of us 
  that was affected by it to figure it out on our own. Maybe if 
  Declude doesn't want to post this information on their site, we could take 
  it upon ourselves to share such information with the list when it is 
  discovered. This is for the most part how the list used to function 
  in the old days, though most of us seemed to desire a page dedicated to 
  the topic regardless.MattKevin Bilbee 
  wrote: 
  



Well that would explain why many of my filters are not as 
effective as they used to be. Has Declude announced when the fix will be 
available



Kevin Bilbee

  -Original Message-From: [EMAIL PROTECTED] 
  [mailto:[EMAIL PROTECTED]]On 
  Behalf Of John CarterSent: Monday, July 25, 2005 8:05 
  AMTo: Declude.JunkMail@declude.comSubject: 
  RE: [Declude.JunkMail] Filter not triggering
  I have reported to Declude a problem 
  with the "CONTAINS" statement.

Re: [Declude.JunkMail] Whitelisting

2005-07-27 Thread Darrell \([EMAIL PROTECTED])


Richard,

Instead of whitelisting we use negative weight on DNS names.

REVDNS -10 ENDSWITH .dell.com

Darrell

DLAnalyzer - Comprehensive reporting for Declude Junkmail and Virus.
http://www.invariantsystems.com




Richard Farris writes:


So whitelisting the recipient is always a last resort?  Better to find out 
where they are not getting their mail and whitelist that or find out why they 
are not getting their expected mail..?

Richard Farris
Ethixs Online
1.270.247. Office
1.800.548.3877 Tech Support
Crossroads to a Cleaner Internet

  - Original Message -
  From: David Franco-Rocha [ Declude ]
  To: Declude.JunkMail@declude.com
  Sent: Tuesday, July 26, 2005 8:59 AM
  Subject: Re: [Declude.JunkMail] Whitelisting


  Richard,

  The problem here is, first of all, that Declude does not look at the cc: or 
bcc: in the headers. It deals with recipients of the email solely on the basis 
of what is in the message envelope (q*.smd file), which is discarded by IMail 
after processing; all you eventually see is the contents of the message itself 
(the d*.smd file).

  Whitelisting ensures that the email will pass all tests. Under optimal 
circumstances, if an email source or destination is whitelisted, all tests 
should be skipped. If there are two recipients and only one were whitelisted, 
the headers of te email would have to indicate a whitelisted weight of 0 for 
one recipient and the actual weight for the other (non-whitelisted) recipient. 
That would necessitate two different sets of headers, which would require two 
separate message files and therefore two separate envelopes: If the 
non-whitelisted weight exceeded the HOLD threshold, one copy of the email would 
be placed into the HOLD folder with the envelope modified for that single 
recipient; the other would be whitelisted and the held recipient would be 
deleted from that envelope. In other words, Declude would have to generate 
multiple emails from a single email, which is not practical. How would Declude 
assign a new queue number to the duplicate email? If one recipient were 
whitelisted and the other had a weight of 5 (to be delivered), there would be 
different sets of headers and therefore different emails. They could not both 
have the same queue number because they could no be placed into the spool at 
the same time (one would overwrite the other).

  The email server generates a separate copy of the email for each recipient 
after processing by Declude. However, there is no practical way for Declude to 
create multiple emails from a single message.

  David Franco-Rocha
  Declude Technical Support


- Original Message -
From: Richard Farris
To: Declude.JunkMail@declude.com
Sent: Monday, July 25, 2005 4:24 PM
Subject: [Declude.JunkMail] Whitelisting


I just took out all the email addresses I had whitelisted in my Global file 
last week because I thought this would help stop more spam getting thruand 
of course folks are now emailing me saying they are missing mail..newsletters 
and such...

My question is Why is it not possible with Declude to whitelist an email 
address and it only applies to that email address and not any others that might be in CC 
or BCC?

Richard Farris
Ethixs Online
1.270.247. Office
1.800.548.3877 Tech Support
Crossroads to a Cleaner Internet

  - Original Message -
  From: Matt
  To: Declude.JunkMail@declude.com
  Sent: Monday, July 25, 2005 1:47 PM
  Subject: Re: [Declude.JunkMail] Filter not triggering


  Kevin,

  Just a thought if you wanted to confirm this as a bug, maybe try a filter 
for this same message, but match a full word to see if it triggers.  I did 
decode this segment and there is no additional encoding or other tricks that 
would cause a filter to not hit.

  IMO, knowing about bugs like this would be very helpful at times, 
especially considering the time that it would take each one of us that was 
affected by it to figure it out on our own.  Maybe if Declude doesn't want to 
post this information on their site, we could take it upon ourselves to share 
such information with the list when it is discovered.  This is for the most 
part how the list used to function in the old days, though most of us seemed to 
desire a page dedicated to the topic regardless.

  Matt





  Kevin Bilbee wrote:
Well that would explain why many of my filters are not as effective as 
they used to be. Has Declude announced when the fix will be available



Kevin Bilbee
  -Original Message-
  From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of John 
Carter
  Sent: Monday, July 25, 2005 8:05 AM
  To: Declude.JunkMail@declude.com
  Subject: RE: [Declude.JunkMail] Filter not triggering


  I have reported to Declude a problem with the CONTAINS statement.  
Prior to 2.0.6 (or

[Declude.JunkMail] curious about subject line

2005-07-27 Thread Imail Admin

Just a curiosity: I received an email from someone at Veritas, and the
subject line was:

Fw: [WARNING - POSSIBLY NOT VIRUS SCANNED]Re: VERITAS Support: Case ID



I'm assuming that this warning was added by their system?  Why would they do
that?  If they knew it wasn't scanned, why wouldn't they go ahead and scan
it?



Ben Bednarz

BC Web



---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.JunkMail.  The archives can be found
at http://www.mail-archive.com.

RE: [Declude.JunkMail] How is declude working with smartermail?

RE: [Declude.JunkMail] How is declude working with smartermail?

Re: Re[2]: [Declude.JunkMail] OT: ldap (ldap2aliases)

Re: Re[2]: [Declude.JunkMail] OT: ldap (ldap2aliases)

Re: [Declude.JunkMail] Savvis 64.14.0.0/16

RE: [Declude.JunkMail] Savvis 64.14.0.0/16

Re: [Declude.JunkMail] RBL's becoming worthless...

Re: [Declude.JunkMail] Savvis 64.14.0.0/16

Re: [Declude.JunkMail] RBL's becoming worthless...

[Declude.JunkMail] Filter not triggering / CONTAINS issue

RE: [Declude.JunkMail] Savvis 64.14.0.0/16

Re[2]: [Declude.JunkMail] RBL's becoming worthless...

RE: [Declude.JunkMail] RBL's becoming worthless...

Re[4]: [Declude.JunkMail] OT: ldap (ldap2aliases)

Re: Re[2]: [Declude.JunkMail] RBL's becoming worthless...

Re: [Declude.JunkMail] RBL's becoming worthless...

RE: Re[2]: [Declude.JunkMail] RBL's becoming worthless...

Re[4]: [Declude.JunkMail] RBL's becoming worthless...

Re: [Declude.JunkMail] RBL's becoming worthless...

RE: Re[4]: [Declude.JunkMail] RBL's becoming worthless...

Re: [Declude.JunkMail] RBL's becoming worthless...

Re: [Declude.JunkMail] Whitelisting

Re: [Declude.JunkMail] Whitelisting

[Declude.JunkMail] curious about subject line

24 matches

Site Navigation

Mail list logo

Footer information