RE: [Declude.JunkMail] How is declude working with smartermail?
Dave Beckstrom wrote How do you prevent spammers from bypassing the gateway server since smartermail doesn't support a mail port which is a send only port with authorization? Are you refering to a port like 587. SmarterMail does support it in its current vesion. What smartermail does not support is is authentication with declude. Supposedly version 3 of smartermail will support authentication. Kevin Bilbee --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] How is declude working with smartermail?
-Original Message- From: [EMAIL PROTECTED] [mailto:Declude.JunkMail- [EMAIL PROTECTED] On Behalf Of Kevin Bilbee Sent: Wednesday, July 27, 2005 2:14 AM To: Declude.JunkMail@declude.com Subject: RE: [Declude.JunkMail] How is declude working with smartermail? Dave Beckstrom wrote How do you prevent spammers from bypassing the gateway server since smartermail doesn't support a mail port which is a send only port with authorization? Are you refering to a port like 587. SmarterMail does support it in its current vesion. What smartermail does not support is is authentication with declude. Supposedly version 3 of smartermail will support authentication. Kevin Bilbee Kevin, Yes, I was referring to port 587. I think you and I are saying the same thing but I'll try to clarify for everyone reading this topic. Smartermail does not support port 587 as a submission-only port as defined by the RFCs. Smartermail supports defining a secondary SMTP port. You could configure smartermail to accept smtp connections on both port 25 and port 587. Unfortunately, that doesn't solve anything because we need port 587 to be a submission-only port and to require SMTP AUTH. The latter is the only means we would have to keep spammers from bypassing your front-end spam filtering gateway server. If they find that smartermail accepts smtp connections for delivery on port 587 and that it doesn't require any kind of authorization they will just dump their spam there and bypass the gateway server altogether. Smartertools has said they will consider changing it for version 3 but they say that about everything and they also have no plans in the near future to release version 3. They are working on their stats software at the moment. I personally have concluded that the only really practical way to spam filter is with a spam filtering gateway up front in order to off-load as much work as possible from the mail server. I'm searching for solutions. I've been using ASSP which runs as proxy but we're getting a lot of false positives with it. Declude Pro is too expensive even with the smartertools $100 discount we receive. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: Re[2]: [Declude.JunkMail] OT: ldap (ldap2aliases)
on 7/26/05 1:34 PM, Sanford Whiteman wrote: . . . so hopefully Sandy can tell me how to allow ldap2aliases to reference another port. When using the -s option to specify the LDAP server, append the port: -s 1.2.3.4:1389 Sandy, That seems to work however I'm getting the size limit exceeded message even though I have the sizelimit -1 line in the slapd.conf. There are approximately 4000 addresses in the domain I'm working with now. Just so you are aware, I have 4 imail mailservers. Two are mx gateways, two are hosting servers. The pull of information by ldap2aliases on mx1 from hosting1 is working fine. This current problem occurs when trying to use ldap2aliases on mx1 for information on hosting2 (hosting2 is using port 1389). Just for kicks I tried to use ldap2aliases on mx2 for information on hosting2 and I got the same size error. Any ideas? Thanks, Greg --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: Re[2]: [Declude.JunkMail] OT: ldap (ldap2aliases)
on 7/27/05 7:23 AM, System Administrator wrote: This current problem occurs when trying to use ldap2aliases on mx1 for information on hosting2 (hosting2 is using port 1389). Never mind. I rebooted hosting2 and now I don't get the size error on either mx computer. Thanks, Greg --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Savvis 64.14.0.0/16
Hello - I am looking for some insight on these guys. I get quite a bit of what is best described as suspicious email from their networks - are they a legit or are they clever spammers? Thanks! -Nick [EMAIL PROTECTED] wrote: Yesterday I complained about the lack of participation on this list from Declude. Today alone there have been over a half a dozen posts. This has not gone unnoticed. Keep up the good work! Don --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Savvis 64.14.0.0/16
Savvis themselves is a Tier1 backbone provider. We use them for our gateways to the Net; They are an awesome company - the only provider we have ever used that actually monitors their network. We recently re-arranged our data center to allow for additional racks to be installed, powered off our router/firewall/csudsu rack for re-location (it was moved within 5 minutes and powered back on), and within 5 monutes they were calling us to check on our connectivity. They take UCE activity very seriously. An email or call to their NOC will get this straightened out for you. Sincerely, Randy Armbrecht Support Department Global Web SolutionsR, Inc. 804-346-5300 x112 877-800-GLOBAL (4562) x112 http://globalweb.net Richmond's Internet Source since 1996! WEB HOSTING including EMAIL beginning at $29/month! DSL Starting at $39.95/month! Non-Profits - receive a 25% discount on most services! -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Nick Hayer Sent: Wednesday, July 27, 2005 9:24 AM To: Declude.JunkMail@declude.com Subject: Re: [Declude.JunkMail] Savvis 64.14.0.0/16 Hello - I am looking for some insight on these guys. I get quite a bit of what is best described as suspicious email from their networks - are they a legit or are they clever spammers? Thanks! -Nick [EMAIL PROTECTED] wrote: Yesterday I complained about the lack of participation on this list from Declude. Today alone there have been over a half a dozen posts. This has not gone unnoticed. Keep up the good work! Don --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] RBL's becoming worthless...
-Marcus: Here's my invuribl config file... I add points for being on various URI lists up to a max of 200. Subject tag at 100, hold at 200, delete at 300: ?xml version=1.0 encoding=utf-8 ? configuration appSettings !--License Key Required For invURIBL To Run-- add key=License_Key value=mykey / !--Enables the use of an exception file for domains that should be skipped-- add key=Enable Exceptions File value=true / !--Path and Filename of the log file. If left blank the log file will be generated in-- !--the same directory as the executable. If you have listed in the file-- !--name it will be replaced with MMDD (Month and Day).-- add key=LogFile_Path value=invuribl-logfile.txt / !-- Options: NORMAL, HIGH, VERBOSE, NONE-- add key=Log_Mode value=HIGH / !-- If the passed in weight exceeds this value, invURIBL will exit without -- !-- running any of the configured tests -- add key=SKIPWEIGHT value=500 / !-- If the accumulated weight exceeds the value listed below invURIBL will -- !-- return the MAXWEIGHT value -- add key=Enable_Max_Weight value=true / add key=MAXWEIGHT value=200 / !-- invURIBL will exit when the first domain in either the URI or RBL list. -- !-- If the domain is listed in the URI list the associated RBL lists will be checked -- !-- as well before the application will exit -- add key=Stop_At_First_Match value=true / !--DNS Server Timeout: Number of seconds that invURIBL will wait for a response from the DNS Server (Beta 5)-- add key=DNS_Server_Timeout value=2 / !-- This is the URIBL That The Domains Will Be Checked Against -- add key=URIBL_List1 value=multi.surbl.org / !-- Will return the last octet as the weight. If Custom Bitmask Values Are Enabled-- !-- their values will take precedence over this setting -- !-- add key=URIBL_Return_Result_As_Weight value=false / -- !-- Weight added to the result code or custom bitmask total. -- add key=URIBL_Weight_List1 value=0 / !--Allows you to override the normal values for bitmasks for a custom return weight-- add key=Enable_Custom_Bitmask_Values_URIBL_List1 value=true / !--If using multi.surbl.org see http://www.surbl.org/lists.html#multi for which lists correspond -- !--to which bitmask values -- add key=URI_Bitmask_BitValue_1_Weight_URIBL_List1 value=0 / add key=URI_Bitmask_BitValue_2_Weight_URIBL_List1 value=100 / add key=URI_Bitmask_BitValue_4_Weight_URIBL_List1 value=50 / add key=URI_Bitmask_BitValue_8_Weight_URIBL_List1 value=100 / add key=URI_Bitmask_BitValue_16_Weight_URIBL_List1 value=100 / add key=URI_Bitmask_BitValue_32_Weight_URIBL_List1 value=100 / add key=URI_Bitmask_BitValue_64_Weight_URIBL_List1 value=50 / add key=URI_Bitmask_BitValue_128_Weight_URIBL_List1 value=0 / !--URI LIST 2-- add key=URIBL_List2 value=xs.surbl.org / add key=URIBL_Weight_List2 value=50 / add key=Enable_Custom_Bitmask_Values_URIBL_List2 value=false / add key=URI_Bitmask_BitValue_1_Weight_URIBL_List2 value=0 / add key=URI_Bitmask_BitValue_2_Weight_URIBL_List2 value=0 / add key=URI_Bitmask_BitValue_4_Weight_URIBL_List2 value=0 / add key=URI_Bitmask_BitValue_8_Weight_URIBL_List2 value=0 / add key=URI_Bitmask_BitValue_16_Weight_URIBL_List2 value=0 / add key=URI_Bitmask_BitValue_32_Weight_URIBL_List2 value=0 / add key=URI_Bitmask_BitValue_64_Weight_URIBL_List2 value=0 / add key=URI_Bitmask_BitValue_128_Weight_URIBL_List2 value=0 / !--URI LIST 3-- add key=URIBL_List3 value=multi.uribl.com / add key=URIBL_Weight_List3 value=0 / add key=Enable_Custom_Bitmask_Values_URIBL_List3 value=true / add key=URI_Bitmask_BitValue_1_Weight_URIBL_List3 value=0 / add key=URI_Bitmask_BitValue_2_Weight_URIBL_List3 value=50 / add key=URI_Bitmask_BitValue_4_Weight_URIBL_List3 value=0 / add key=URI_Bitmask_BitValue_8_Weight_URIBL_List3 value=0 / add key=URI_Bitmask_BitValue_16_Weight_URIBL_List3 value=0 / add key=URI_Bitmask_BitValue_32_Weight_URIBL_List3 value=0 / add key=URI_Bitmask_BitValue_64_Weight_URIBL_List3 value=0 / add key=URI_Bitmask_BitValue_128_Weight_URIBL_List3 value=0 / !--Enables the checking of the URI's name servers against an RBL. -- !--If the name servers are listed in the RBL the defined weight will -- !--be added. You also have an option to skip looking up the nameservers -- !--if the URI is already listed in one of the URI lists (Beta 5)-- add key=Enable_URI_Name_Server_Check value=true / add key=Skip_Check_If_URI_Listed_In_URI_List value=false / add key=Name_Server_RBL value=sbl.spamhaus.org / add key=Name_Server_Weight value=75 / !-- If enabled URI's will be resolved to their A Records.-- add key=ENABLE_URI_IP_LOOKUPS_IN_RBLS value=true / !--RBLx Specifies a RBL to lookup the resolved URI's A Record Against -- !--WEIGHT_RBLx Specifies the weight that will be added if the IP Address
Re: [Declude.JunkMail] Savvis 64.14.0.0/16
Savvis is a legit provider, not a spam house. That said they don't seem to be kicking off spammers too well. I've got these blocks in my IPFILE: 64.14.33.0/24 64.14.33.0/24 inboxcircular2.com added 03-11-05 SBL22016 64.14.48.128/26 64.14.48.128/26 freelotto.com updtd 04-16-05 64.14.6.112/30 64.14.6.112/30 creditmailings.com added 05-15-05 - Original Message - From: Nick Hayer [EMAIL PROTECTED] To: Declude.JunkMail@declude.com Sent: Wednesday, July 27, 2005 8:23 AM Subject: Re: [Declude.JunkMail] Savvis 64.14.0.0/16 Hello - I am looking for some insight on these guys. I get quite a bit of what is best described as suspicious email from their networks - are they a legit or are they clever spammers? Thanks! -Nick [EMAIL PROTECTED] wrote: Yesterday I complained about the lack of participation on this list from Declude. Today alone there have been over a half a dozen posts. This has not gone unnoticed. Keep up the good work! Don --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] RBL's becoming worthless...
One more comment... The new Declude test HELO-DYNAMIC dynhelo x x 50 0 works almost as well as the HELOISIP external test. And it is built in. - Original Message - From: Markus Gufler [EMAIL PROTECTED] To: Declude.JunkMail@declude.com Sent: Tuesday, July 26, 2005 5:37 PM Subject: RE: [Declude.JunkMail] RBL's becoming worthless... Chuck, Here some numbers from my side: 100k messages in the last 7 days 50.5% identified as legit, 49.5% as spam (viruses was filtered out before) The best IP4R-based tests was CBL (21%, 0.37%FP), SPAMCOP (21%, 0.47%FP) and XBL-DYNA (19%, 0.27%FP) So they catch less then 50% of incoming spam without creating a significant number of false positives. FIVETEN-SRC was able to catch 24% of spam but has also had FP's on around 6% of all processed messages. A text-filter combining the results of different IP4R-based tests has reached a catch rate of 36%. I consider it the current maximum that can be reached with IP4r-based tests by having a - let's say - moderate number of false positives. INV-URIBL instead can catch 37% of all messages as spam and I must say that up to now I haven't had time to try improving the INV-URIBL configfile. (Any suggestion is welcome!) It's also important that the number of FP's for this test is near to zero. SNIFFER was able to catch 47% of all spam messages but I must also say that there was a significant number of false positives (5%). Most of them generated by SNIFFER-GENERAL and SNIFFER-RICH. SPAMCHK has had correct results on around 45% of all messages, but also had around 7% of FP's Other excelent tests was CMDSPACE (30%, 1%FP) and HELOISIP (13%, 0.17%FP) Due to Decludes weighting system and the combination of all this tests I can see between 10 and 20 spam messages each month in my inbox, by catching more then 300 spams each day. Markus -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Chuck Schick Sent: Tuesday, July 26, 2005 7:57 PM To: Declude. JunkMail Subject: [Declude.JunkMail] RBL's becoming worthless... In the last several months we have seen large quantity of spam coming from IP blocks that never seem to get listed on any RBL. Spamcop is about the only one that picks some of them up and once in awhile spamhaus. There was a block last night that sent several hundred and sendbase.org showed they had detected no email from that block. The reason I bring this up is because when we first started blocking spam I would say the blacklists would catch almost 90% so we relied heavily on the blacklist. With the blacklists not being as effective we need to rely on other tests like sniffer but that misses alot also. Chuck Schick Warp 8, Inc. (303)-421-5140 www.warp8.com --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] Filter not triggering / CONTAINS issue
Forum members: I need to let you know I can not duplicate the so called CONTAINS problem I ran into in earlier. In other words the CONTAINS directive seems to be working ok. David Barker requested I send sample emails, log entries, etc. for evaluation. Not having any of the emails or Declude logs from May and the fact the config files have been added to since then, I attempted to replicate the situation with emails from outside my system and a new test filter looking for embedded characters. The test filter tagged each incoming message. Sorry if I caused undue concern. Regarding posting my comments yesterday, I hate to sound defensive, but the last communication from Declude in June was a we are still looking into it. I had since gone to 2.0.6.16 and added Sniffer and a couple filters some you have made available. Basically I assumed (1) the fix had gotten caught up in the changes and testing they announced and (2) I had covered up my problem with these changes and that it still existed. John --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Savvis 64.14.0.0/16
We took block some IP's from Savvis: 64.41.183.130 Savvis 64.241.72.0/24 SAVVIS Communications Corporation 64.28.76.0/24 Savvis -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Scott Fisher Sent: Wednesday, July 27, 2005 3:49 PM To: Declude.JunkMail@declude.com Subject: Re: [Declude.JunkMail] Savvis 64.14.0.0/16 Savvis is a legit provider, not a spam house. That said they don't seem to be kicking off spammers too well. I've got these blocks in my IPFILE: 64.14.33.0/24 64.14.33.0/24 inboxcircular2.com added 03-11-05 SBL22016 64.14.48.128/26 64.14.48.128/26 freelotto.com updtd 04-16-05 64.14.6.112/30 64.14.6.112/30 creditmailings.com added 05-15-05 - Original Message - From: Nick Hayer [EMAIL PROTECTED] To: Declude.JunkMail@declude.com Sent: Wednesday, July 27, 2005 8:23 AM Subject: Re: [Declude.JunkMail] Savvis 64.14.0.0/16 Hello - I am looking for some insight on these guys. I get quite a bit of what is best described as suspicious email from their networks - are they a legit or are they clever spammers? Thanks! -Nick [EMAIL PROTECTED] wrote: Yesterday I complained about the lack of participation on this list from Declude. Today alone there have been over a half a dozen posts. This has not gone unnoticed. Keep up the good work! Don --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re[2]: [Declude.JunkMail] RBL's becoming worthless...
SF The new Declude test SF HELO-DYNAMIC dynhelo x x 50 0 Any issues with this test if Declude is behind a Postfix gateway with HOP set to 1? -- Best regards, Davidmailto:[EMAIL PROTECTED] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] RBL's becoming worthless...
Scott, What type of speed are you getting from using the invuribl? We take in/out well over 70K emails per day on each server, 1 of them takes in/out 150K. As I understand it, it is very CPU intensive. Thanks for the aid. Keith -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Scott Fisher Sent: Wednesday, July 27, 2005 9:45 AM To: Declude.JunkMail@declude.com Subject: Re: [Declude.JunkMail] RBL's becoming worthless... -Marcus: Here's my invuribl config file... I add points for being on various URI lists up to a max of 200. Subject tag at 100, hold at 200, delete at 300: ?xml version=1.0 encoding=utf-8 ? configuration appSettings !--License Key Required For invURIBL To Run-- add key=License_Key value=mykey / !--Enables the use of an exception file for domains that should be skipped-- add key=Enable Exceptions File value=true / !--Path and Filename of the log file. If left blank the log file will be generated in-- !--the same directory as the executable. If you have listed in the file-- !--name it will be replaced with MMDD (Month and Day).-- add key=LogFile_Path value=invuribl-logfile.txt / !-- Options: NORMAL, HIGH, VERBOSE, NONE-- add key=Log_Mode value=HIGH / !-- If the passed in weight exceeds this value, invURIBL will exit without -- !-- running any of the configured tests -- add key=SKIPWEIGHT value=500 / !-- If the accumulated weight exceeds the value listed below invURIBL will -- !-- return the MAXWEIGHT value -- add key=Enable_Max_Weight value=true / add key=MAXWEIGHT value=200 / !-- invURIBL will exit when the first domain in either the URI or RBL list. -- !-- If the domain is listed in the URI list the associated RBL lists will be checked -- !-- as well before the application will exit -- add key=Stop_At_First_Match value=true / !--DNS Server Timeout: Number of seconds that invURIBL will wait for a response from the DNS Server (Beta 5)-- add key=DNS_Server_Timeout value=2 / !-- This is the URIBL That The Domains Will Be Checked Against -- add key=URIBL_List1 value=multi.surbl.org / !-- Will return the last octet as the weight. If Custom Bitmask Values Are Enabled-- !-- their values will take precedence over this setting -- !-- add key=URIBL_Return_Result_As_Weight value=false / -- !-- Weight added to the result code or custom bitmask total. -- add key=URIBL_Weight_List1 value=0 / !--Allows you to override the normal values for bitmasks for a custom return weight-- add key=Enable_Custom_Bitmask_Values_URIBL_List1 value=true / !--If using multi.surbl.org see http://www.surbl.org/lists.html#multi for which lists correspond -- !--to which bitmask values -- add key=URI_Bitmask_BitValue_1_Weight_URIBL_List1 value=0 / add key=URI_Bitmask_BitValue_2_Weight_URIBL_List1 value=100 / add key=URI_Bitmask_BitValue_4_Weight_URIBL_List1 value=50 / add key=URI_Bitmask_BitValue_8_Weight_URIBL_List1 value=100 / add key=URI_Bitmask_BitValue_16_Weight_URIBL_List1 value=100 / add key=URI_Bitmask_BitValue_32_Weight_URIBL_List1 value=100 / add key=URI_Bitmask_BitValue_64_Weight_URIBL_List1 value=50 / add key=URI_Bitmask_BitValue_128_Weight_URIBL_List1 value=0 / !--URI LIST 2-- add key=URIBL_List2 value=xs.surbl.org / add key=URIBL_Weight_List2 value=50 / add key=Enable_Custom_Bitmask_Values_URIBL_List2 value=false / add key=URI_Bitmask_BitValue_1_Weight_URIBL_List2 value=0 / add key=URI_Bitmask_BitValue_2_Weight_URIBL_List2 value=0 / add key=URI_Bitmask_BitValue_4_Weight_URIBL_List2 value=0 / add key=URI_Bitmask_BitValue_8_Weight_URIBL_List2 value=0 / add key=URI_Bitmask_BitValue_16_Weight_URIBL_List2 value=0 / add key=URI_Bitmask_BitValue_32_Weight_URIBL_List2 value=0 / add key=URI_Bitmask_BitValue_64_Weight_URIBL_List2 value=0 / add key=URI_Bitmask_BitValue_128_Weight_URIBL_List2 value=0 / !--URI LIST 3-- add key=URIBL_List3 value=multi.uribl.com / add key=URIBL_Weight_List3 value=0 / add key=Enable_Custom_Bitmask_Values_URIBL_List3 value=true / add key=URI_Bitmask_BitValue_1_Weight_URIBL_List3 value=0 / add key=URI_Bitmask_BitValue_2_Weight_URIBL_List3 value=50 / add key=URI_Bitmask_BitValue_4_Weight_URIBL_List3 value=0 / add key=URI_Bitmask_BitValue_8_Weight_URIBL_List3 value=0 / add key=URI_Bitmask_BitValue_16_Weight_URIBL_List3 value=0 / add key=URI_Bitmask_BitValue_32_Weight_URIBL_List3 value=0 / add key=URI_Bitmask_BitValue_64_Weight_URIBL_List3 value=0 / add key=URI_Bitmask_BitValue_128_Weight_URIBL_List3 value=0 / !--Enables the checking of the URI's name servers against an RBL. -- !--If the name servers are listed in the RBL the defined weight will -- !--be added. You also have an option to skip looking up the nameservers -- !--if the URI is
Re[4]: [Declude.JunkMail] OT: ldap (ldap2aliases)
Never mind. I rebooted hosting2 and now I don't get the size error on either mx computer. Yep, requires a slapd restart when you change the .conf. --Sandy Sanford Whiteman, Chief Technologist Broadleaf Systems, a division of Cypress Integrated Systems, Inc. e-mail: [EMAIL PROTECTED] SpamAssassin plugs into Declude! http://www.imprimia.com/products/software/freeutils/SPAMC32/download/release/ Defuse Dictionary Attacks: Turn Exchange or IMail mailboxes into IMail Aliases! http://www.imprimia.com/products/software/freeutils/exchange2aliases/download/release/ http://www.imprimia.com/products/software/freeutils/ldap2aliases/download/release/ --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: Re[2]: [Declude.JunkMail] RBL's becoming worthless...
That's a question for Declude. Throw the test in with no weight and a WARN action and see what happens is what I would do. - Original Message - From: David Sullivan [EMAIL PROTECTED] To: Declude.JunkMail@declude.com Sent: Wednesday, July 27, 2005 9:09 AM Subject: Re[2]: [Declude.JunkMail] RBL's becoming worthless... SF The new Declude test SF HELO-DYNAMIC dynhelo x x 50 0 Any issues with this test if Declude is behind a Postfix gateway with HOP set to 1? -- Best regards, Davidmailto:[EMAIL PROTECTED] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] RBL's becoming worthless...
Darrell would be a better answerer of this question: Speed is directly dependent on the number of URIs in the email. The runtime for most of my messages is about 1 to 2 seconds. It tends to run longer on some ham messages with lots of links. The SKIPWEIGHT and MAXWEIGHT options can help cut down on the scanning. A lot of blatant spam for me gets bypassed by invuribl with the SKIPWEIGHT. You can also cut out on processing with the senderipwhitelist file which will skip scanning from the IPs/CIDRs listed. - Original Message - From: Keith Johnson [EMAIL PROTECTED] To: Declude.JunkMail@declude.com Sent: Wednesday, July 27, 2005 10:16 AM Subject: RE: [Declude.JunkMail] RBL's becoming worthless... Scott, What type of speed are you getting from using the invuribl? We take in/out well over 70K emails per day on each server, 1 of them takes in/out 150K. As I understand it, it is very CPU intensive. Thanks for the aid. Keith -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Scott Fisher Sent: Wednesday, July 27, 2005 9:45 AM To: Declude.JunkMail@declude.com Subject: Re: [Declude.JunkMail] RBL's becoming worthless... -Marcus: Here's my invuribl config file... I add points for being on various URI lists up to a max of 200. Subject tag at 100, hold at 200, delete at 300: ?xml version=1.0 encoding=utf-8 ? configuration appSettings !--License Key Required For invURIBL To Run-- add key=License_Key value=mykey / !--Enables the use of an exception file for domains that should be skipped-- add key=Enable Exceptions File value=true / !--Path and Filename of the log file. If left blank the log file will be generated in-- !--the same directory as the executable. If you have listed in the file-- !--name it will be replaced with MMDD (Month and Day).-- add key=LogFile_Path value=invuribl-logfile.txt / !-- Options: NORMAL, HIGH, VERBOSE, NONE-- add key=Log_Mode value=HIGH / !-- If the passed in weight exceeds this value, invURIBL will exit without -- !-- running any of the configured tests -- add key=SKIPWEIGHT value=500 / !-- If the accumulated weight exceeds the value listed below invURIBL will -- !-- return the MAXWEIGHT value -- add key=Enable_Max_Weight value=true / add key=MAXWEIGHT value=200 / !-- invURIBL will exit when the first domain in either the URI or RBL list. -- !-- If the domain is listed in the URI list the associated RBL lists will be checked -- !-- as well before the application will exit -- add key=Stop_At_First_Match value=true / !--DNS Server Timeout: Number of seconds that invURIBL will wait for a response from the DNS Server (Beta 5)-- add key=DNS_Server_Timeout value=2 / !-- This is the URIBL That The Domains Will Be Checked Against -- add key=URIBL_List1 value=multi.surbl.org / !-- Will return the last octet as the weight. If Custom Bitmask Values Are Enabled-- !-- their values will take precedence over this setting -- !-- add key=URIBL_Return_Result_As_Weight value=false / -- !-- Weight added to the result code or custom bitmask total. -- add key=URIBL_Weight_List1 value=0 / !--Allows you to override the normal values for bitmasks for a custom return weight-- add key=Enable_Custom_Bitmask_Values_URIBL_List1 value=true / !--If using multi.surbl.org see http://www.surbl.org/lists.html#multi for which lists correspond -- !--to which bitmask values -- add key=URI_Bitmask_BitValue_1_Weight_URIBL_List1 value=0 / add key=URI_Bitmask_BitValue_2_Weight_URIBL_List1 value=100 / add key=URI_Bitmask_BitValue_4_Weight_URIBL_List1 value=50 / add key=URI_Bitmask_BitValue_8_Weight_URIBL_List1 value=100 / add key=URI_Bitmask_BitValue_16_Weight_URIBL_List1 value=100 / add key=URI_Bitmask_BitValue_32_Weight_URIBL_List1 value=100 / add key=URI_Bitmask_BitValue_64_Weight_URIBL_List1 value=50 / add key=URI_Bitmask_BitValue_128_Weight_URIBL_List1 value=0 / !--URI LIST 2-- add key=URIBL_List2 value=xs.surbl.org / add key=URIBL_Weight_List2 value=50 / add key=Enable_Custom_Bitmask_Values_URIBL_List2 value=false / add key=URI_Bitmask_BitValue_1_Weight_URIBL_List2 value=0 / add key=URI_Bitmask_BitValue_2_Weight_URIBL_List2 value=0 / add key=URI_Bitmask_BitValue_4_Weight_URIBL_List2 value=0 / add key=URI_Bitmask_BitValue_8_Weight_URIBL_List2 value=0 / add key=URI_Bitmask_BitValue_16_Weight_URIBL_List2 value=0 / add key=URI_Bitmask_BitValue_32_Weight_URIBL_List2 value=0 / add key=URI_Bitmask_BitValue_64_Weight_URIBL_List2 value=0 / add key=URI_Bitmask_BitValue_128_Weight_URIBL_List2 value=0 / !--URI LIST 3-- add key=URIBL_List3 value=multi.uribl.com / add key=URIBL_Weight_List3 value=0 / add key=Enable_Custom_Bitmask_Values_URIBL_List3 value=true / add key=URI_Bitmask_BitValue_1_Weight_URIBL_List3 value=0 / add key=URI_Bitmask_BitValue_2_Weight_URIBL_List3 value=50
RE: Re[2]: [Declude.JunkMail] RBL's becoming worthless...
Hi David, If possible you should use the IPBYPASS rather than the HOP David B www.declude.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Scott Fisher Sent: Wednesday, July 27, 2005 12:27 PM To: Declude.JunkMail@declude.com Subject: Re: Re[2]: [Declude.JunkMail] RBL's becoming worthless... That's a question for Declude. Throw the test in with no weight and a WARN action and see what happens is what I would do. - Original Message - From: David Sullivan [EMAIL PROTECTED] To: Declude.JunkMail@declude.com Sent: Wednesday, July 27, 2005 9:09 AM Subject: Re[2]: [Declude.JunkMail] RBL's becoming worthless... SF The new Declude test SF HELO-DYNAMIC dynhelo x x 50 0 Any issues with this test if Declude is behind a Postfix gateway with HOP set to 1? -- Best regards, Davidmailto:[EMAIL PROTECTED] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re[4]: [Declude.JunkMail] RBL's becoming worthless...
DB If possible you should use the IPBYPASS rather than the HOP Any particular reason? ALL mail passes through the PF gateways first. Imail/Declude can't be touched from any outside network. The only port 25 allowed into their LAN segment is from the segment that the PF gateways are on. -- Best regards, Davidmailto:[EMAIL PROTECTED] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] RBL's becoming worthless...
On my system I process about 120K messages a day. The system is a dual xeon 2.8ghz 1GB of ram. The servers CPU usage throughout the day ranges from 30% - 70%. Their are spikes at 100% but they are short lived and correlated to a rush of incoming mail. The average scan time a message takes going through invURIBL on my system averages around 1 sec. I would agree that invURIBL uses a bit of CPU - a lot of it resides from having to decode the message from its format (base64, quoted printable, etc). From my testing across various systems it can add about 10-15% extra CPU. This will vary per system depending on hardware and existing load on your server. I make extensive use of SKIPWEIGHT, MAXWEIGHT, and the exception files and this pays off with lowering run time and CPU. Hope this helps. Darrell Scott Fisher writes: Darrell would be a better answerer of this question: Speed is directly dependent on the number of URIs in the email. The runtime for most of my messages is about 1 to 2 seconds. It tends to run longer on some ham messages with lots of links. The SKIPWEIGHT and MAXWEIGHT options can help cut down on the scanning. A lot of blatant spam for me gets bypassed by invuribl with the SKIPWEIGHT. You can also cut out on processing with the senderipwhitelist file which will skip scanning from the IPs/CIDRs listed. - Original Message - From: Keith Johnson [EMAIL PROTECTED] To: Declude.JunkMail@declude.com Sent: Wednesday, July 27, 2005 10:16 AM Subject: RE: [Declude.JunkMail] RBL's becoming worthless... Scott, What type of speed are you getting from using the invuribl? We take in/out well over 70K emails per day on each server, 1 of them takes in/out 150K. As I understand it, it is very CPU intensive. Thanks for the aid. Keith -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Scott Fisher Sent: Wednesday, July 27, 2005 9:45 AM To: Declude.JunkMail@declude.com Subject: Re: [Declude.JunkMail] RBL's becoming worthless... -Marcus: Here's my invuribl config file... I add points for being on various URI lists up to a max of 200. Subject tag at 100, hold at 200, delete at 300: ?xml version=1.0 encoding=utf-8 ? configuration appSettings !--License Key Required For invURIBL To Run-- add key=License_Key value=mykey / !--Enables the use of an exception file for domains that should be skipped-- add key=Enable Exceptions File value=true / !--Path and Filename of the log file. If left blank the log file will be generated in-- !--the same directory as the executable. If you have listed in the file-- !--name it will be replaced with MMDD (Month and Day).-- add key=LogFile_Path value=invuribl-logfile.txt / !-- Options: NORMAL, HIGH, VERBOSE, NONE-- add key=Log_Mode value=HIGH / !-- If the passed in weight exceeds this value, invURIBL will exit without -- !-- running any of the configured tests -- add key=SKIPWEIGHT value=500 / !-- If the accumulated weight exceeds the value listed below invURIBL will -- !-- return the MAXWEIGHT value -- add key=Enable_Max_Weight value=true / add key=MAXWEIGHT value=200 / !-- invURIBL will exit when the first domain in either the URI or RBL list. -- !-- If the domain is listed in the URI list the associated RBL lists will be checked -- !-- as well before the application will exit -- add key=Stop_At_First_Match value=true / !--DNS Server Timeout: Number of seconds that invURIBL will wait for a response from the DNS Server (Beta 5)-- add key=DNS_Server_Timeout value=2 / !-- This is the URIBL That The Domains Will Be Checked Against -- add key=URIBL_List1 value=multi.surbl.org / !-- Will return the last octet as the weight. If Custom Bitmask Values Are Enabled-- !-- their values will take precedence over this setting -- !-- add key=URIBL_Return_Result_As_Weight value=false / -- !-- Weight added to the result code or custom bitmask total. -- add key=URIBL_Weight_List1 value=0 / !--Allows you to override the normal values for bitmasks for a custom return weight-- add key=Enable_Custom_Bitmask_Values_URIBL_List1 value=true / !--If using multi.surbl.org see http://www.surbl.org/lists.html#multi for which lists correspond -- !--to which bitmask values -- add key=URI_Bitmask_BitValue_1_Weight_URIBL_List1 value=0 / add key=URI_Bitmask_BitValue_2_Weight_URIBL_List1 value=100 / add key=URI_Bitmask_BitValue_4_Weight_URIBL_List1 value=50 / add key=URI_Bitmask_BitValue_8_Weight_URIBL_List1 value=100 / add key=URI_Bitmask_BitValue_16_Weight_URIBL_List1 value=100 / add key=URI_Bitmask_BitValue_32_Weight_URIBL_List1 value=100 / add key=URI_Bitmask_BitValue_64_Weight_URIBL_List1 value=50 / add key=URI_Bitmask_BitValue_128_Weight_URIBL_List1 value=0 / !--URI LIST 2-- add key=URIBL_List2 value=xs.surbl.org / add
RE: Re[4]: [Declude.JunkMail] RBL's becoming worthless...
David, Either configuration in your case should work. However from Scott's Perry comments regarding the HOP and IPBYPASS. Normally, you will leave the HOP setting at HOP 0, and use an IPBYPASS line for each gateway or backup mail server. 6.2 Skipping your backup mail server or gateways Just thought I would mention it. As it was suggested to test HELO-DYNAMIC using the WARN action. David B www.declude.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of David Sullivan Sent: Wednesday, July 27, 2005 1:45 PM To: David Barker Subject: Re[4]: [Declude.JunkMail] RBL's becoming worthless... DB If possible you should use the IPBYPASS rather than the HOP Any particular reason? ALL mail passes through the PF gateways first. Imail/Declude can't be touched from any outside network. The only port 25 allowed into their LAN segment is from the segment that the PF gateways are on. -- Best regards, Davidmailto:[EMAIL PROTECTED] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] RBL's becoming worthless...
I was just checking some of my results on the RBL's and the spammers are defintely getting smarter. When I started using Declude in Feb 2004, Spamcop hit on 83% of all the spam messages. For June 2005, Spamcop hit on 48% of all spam messages. Fiveten Spam dropped from 62% to 41% in the same time frame. Two (newer) RBL's that seem to work: 1. uceprotect is nice because of it's accuracy: dnsbl-1.uceprotect.netlists single IP addresses.99.9% accurate here 32 to 35% of the total spam tagged. dnsbl-2.uceprotect.netlists /24 subnets 99.8% accurate here. 33 to 38% of the total spam tagged. An IP address could be on both lists causing double-scoring. I use a filter to prevent that myself. 2. mxrate has a higher number of total hits, but woth less accuracy. pub.mxrate.net98.9% accurate here. 59 to 62% of the total spam tagged. 3. If you are feeling advanced... I've posted a program that take the ASSP Greylist and turns it into a ip4r DNS that you can test against. You'll need some DNS knowledge as you'll need to run this on your DNS Server. Using this DNS, I find that ASSP score of .99 tagsabout 13% of the total spams at a 99.9% accuracy. An ASSP score of .91 to .98 tags about 43% of the total spams at a 99.3% accuracy. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Whitelisting
So whitelisting the recipient is always a last resort? Better to find out where they are not getting their mail and whitelist that or find out why they are not getting their expected mail..? Richard FarrisEthixs Online1.270.247. Office1.800.548.3877 Tech Support"Crossroads to a Cleaner Internet" - Original Message - From: David Franco-Rocha [ Declude ] To: Declude.JunkMail@declude.com Sent: Tuesday, July 26, 2005 8:59 AM Subject: Re: [Declude.JunkMail] Whitelisting Richard, The problem here is, first of all, that Declude does not look at the cc: or bcc: in the headers. It deals with recipients of the email solely on the basis of what is in the message envelope (q*.smd file), which is discarded by IMail after processing; all you eventually see is the contents of the message itself (the d*.smd file). Whitelisting ensures that the email will pass all tests. Under optimal circumstances, if an email source or destination is whitelisted, all tests should be skipped. If there are two recipients and only one were whitelisted, the headers of te email would have to indicate a whitelisted weight of 0 for one recipient and the actual weight for the other (non-whitelisted) recipient. That would necessitate two different sets of headers, which would require two separate message files and therefore two separate envelopes: If the non-whitelisted weight exceeded the HOLD threshold, one copy of the email would be placed into the HOLD folder with the envelope modified for that single recipient; the other would be whitelisted and the held recipient would be deleted from that envelope. In other words, Declude would have to generate multiple emails from a single email, which is not practical. How would Declude assign a new queue number to the duplicate email? If one recipient were whitelisted and the other had a weight of 5 (to be delivered), there would be different sets of headers and therefore different emails. They could not both have the same queue number because they could no be placed into the spool at the same time (one would overwrite the other). The email server generates a separate copy of the email for each recipient after processing by Declude. However, there is no practical way for Declude to create multiple emails from a single message. David Franco-Rocha Declude Technical Support - Original Message - From: Richard Farris To: Declude.JunkMail@declude.com Sent: Monday, July 25, 2005 4:24 PM Subject: [Declude.JunkMail] Whitelisting I just took out all the email addresses I had whitelisted in my Global file last week because I thought this would helpstop more spam getting thruand of course folks are now emailing me saying they are missing mail..newsletters and such... My question is "Why is it not possible with Declude to whitelist an email address and it only applies to that email address and not any others that might be in CC or BCC"? Richard FarrisEthixs Online1.270.247. Office1.800.548.3877 Tech Support"Crossroads to a Cleaner Internet" - Original Message - From: Matt To: Declude.JunkMail@declude.com Sent: Monday, July 25, 2005 1:47 PM Subject: Re: [Declude.JunkMail] Filter not triggering Kevin,Just a thought if you wanted to confirm this as a bug, maybe try a filter for this same message, but match a full word to see if it triggers. I did decode this segment and there is no additional encoding or other tricks that would cause a filter to not hit.IMO, knowing about bugs like this would be very helpful at times, especially considering the time that it would take each one of us that was affected by it to figure it out on our own. Maybe if Declude doesn't want to post this information on their site, we could take it upon ourselves to share such information with the list when it is discovered. This is for the most part how the list used to function in the old days, though most of us seemed to desire a page dedicated to the topic regardless.MattKevin Bilbee wrote: Well that would explain why many of my filters are not as effective as they used to be. Has Declude announced when the fix will be available Kevin Bilbee -Original Message-From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of John CarterSent: Monday, July 25, 2005 8:05 AMTo: Declude.JunkMail@declude.comSubject: RE: [Declude.JunkMail] Filter not triggering I have reported to Declude a problem with the "CONTAINS" statement.
Re: [Declude.JunkMail] Whitelisting
Richard, Instead of whitelisting we use negative weight on DNS names. REVDNS -10 ENDSWITH .dell.com Darrell DLAnalyzer - Comprehensive reporting for Declude Junkmail and Virus. http://www.invariantsystems.com Richard Farris writes: So whitelisting the recipient is always a last resort? Better to find out where they are not getting their mail and whitelist that or find out why they are not getting their expected mail..? Richard Farris Ethixs Online 1.270.247. Office 1.800.548.3877 Tech Support Crossroads to a Cleaner Internet - Original Message - From: David Franco-Rocha [ Declude ] To: Declude.JunkMail@declude.com Sent: Tuesday, July 26, 2005 8:59 AM Subject: Re: [Declude.JunkMail] Whitelisting Richard, The problem here is, first of all, that Declude does not look at the cc: or bcc: in the headers. It deals with recipients of the email solely on the basis of what is in the message envelope (q*.smd file), which is discarded by IMail after processing; all you eventually see is the contents of the message itself (the d*.smd file). Whitelisting ensures that the email will pass all tests. Under optimal circumstances, if an email source or destination is whitelisted, all tests should be skipped. If there are two recipients and only one were whitelisted, the headers of te email would have to indicate a whitelisted weight of 0 for one recipient and the actual weight for the other (non-whitelisted) recipient. That would necessitate two different sets of headers, which would require two separate message files and therefore two separate envelopes: If the non-whitelisted weight exceeded the HOLD threshold, one copy of the email would be placed into the HOLD folder with the envelope modified for that single recipient; the other would be whitelisted and the held recipient would be deleted from that envelope. In other words, Declude would have to generate multiple emails from a single email, which is not practical. How would Declude assign a new queue number to the duplicate email? If one recipient were whitelisted and the other had a weight of 5 (to be delivered), there would be different sets of headers and therefore different emails. They could not both have the same queue number because they could no be placed into the spool at the same time (one would overwrite the other). The email server generates a separate copy of the email for each recipient after processing by Declude. However, there is no practical way for Declude to create multiple emails from a single message. David Franco-Rocha Declude Technical Support - Original Message - From: Richard Farris To: Declude.JunkMail@declude.com Sent: Monday, July 25, 2005 4:24 PM Subject: [Declude.JunkMail] Whitelisting I just took out all the email addresses I had whitelisted in my Global file last week because I thought this would help stop more spam getting thruand of course folks are now emailing me saying they are missing mail..newsletters and such... My question is Why is it not possible with Declude to whitelist an email address and it only applies to that email address and not any others that might be in CC or BCC? Richard Farris Ethixs Online 1.270.247. Office 1.800.548.3877 Tech Support Crossroads to a Cleaner Internet - Original Message - From: Matt To: Declude.JunkMail@declude.com Sent: Monday, July 25, 2005 1:47 PM Subject: Re: [Declude.JunkMail] Filter not triggering Kevin, Just a thought if you wanted to confirm this as a bug, maybe try a filter for this same message, but match a full word to see if it triggers. I did decode this segment and there is no additional encoding or other tricks that would cause a filter to not hit. IMO, knowing about bugs like this would be very helpful at times, especially considering the time that it would take each one of us that was affected by it to figure it out on our own. Maybe if Declude doesn't want to post this information on their site, we could take it upon ourselves to share such information with the list when it is discovered. This is for the most part how the list used to function in the old days, though most of us seemed to desire a page dedicated to the topic regardless. Matt Kevin Bilbee wrote: Well that would explain why many of my filters are not as effective as they used to be. Has Declude announced when the fix will be available Kevin Bilbee -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of John Carter Sent: Monday, July 25, 2005 8:05 AM To: Declude.JunkMail@declude.com Subject: RE: [Declude.JunkMail] Filter not triggering I have reported to Declude a problem with the CONTAINS statement. Prior to 2.0.6 (or
[Declude.JunkMail] curious about subject line
Just a curiosity: I received an email from someone at Veritas, and the subject line was: Fw: [WARNING - POSSIBLY NOT VIRUS SCANNED]Re: VERITAS Support: Case ID I'm assuming that this warning was added by their system? Why would they do that? If they knew it wasn't scanned, why wouldn't they go ahead and scan it? Ben Bednarz BC Web --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.