So does that mean that you can use a subnet mask to define a logical subnet
or supernet for IP whitelisting? E.g.:
No: xxx.xxx.xxx.128/25 Yes: xxx.xxx.xxx.128 255.255.255.128
No: xxx.xxx.xxx.0/23Yes: xxx.xxx.xxx.0 255.255.254.0
Bill
-Original Message-
From: R. Scott Perry
Okay, I understand. Currently it is only single IP addresses or a full
class C and nothing else, due to the matching scheme that is used.
Thanks for the clarification.
Bill
-Original Message-
From: R. Scott Perry [mailto:[EMAIL PROTECTED]]
Sent: Monday, March 18, 2002 4:20 PM
To:
We use them as one of our tests, and we catch a fair amount of junkmail with
them. Here are the tests I use on our Postfix gateway:
bl.spamcop.net,
orbs.dorkslayers.com,
relays.ordb.org,
formmail.relays.monkeys.com,
proxies.relays.monkeys.com,
spews.relays.osirusoft.com,
Do that and you will end up on the blacklist. DSBL says they will list, or
are creating, some tools that will be configured to relay back through the
suspect mail servers with the ultimate destination being the DSBL site,
which will them add the relay site to the blacklist.
However, as Scott
Scott, shouldn't these return A records when an NS lookup is done on
list.dsbl.org or unconfirmed.dsbl.org. All I get is a response that the
data does not exist, even when testing from www.dnsstuff.com.
Bill
-Original Message-
From: R. Scott Perry [mailto:[EMAIL PROTECTED]]
Sent:
Please do not send viruses to the list! Thankfully my gateway server caught
this:
The infected file was saved to quarantine with name: 1017434478-RAV11490.
The file (part0002:)-(part0002:Remind32.exe) attached to mail (with
subject:[Declude.JunkMail] NJABL:Is this a virus) sent
What he said is that relay for addresses and no relay are the only two
options that protect your mail server from being an open relay--the other
options do not. You can use the no relay option if you are using SMTP
Auth, otherwise, relay for addresses is the way to go.
Bill
-Original
Interesting idea--I like it! Would confirmation only apply to those e-mail
that met a certain weight criteria and would normally be rejected without a
confirmation?
Bill
-Original Message-
From: R. Scott Perry [mailto:[EMAIL PROTECTED]]
Sent: Monday, April 01, 2002 11:08 AM
To: [EMAIL
I second this, but would really like to see Linux support. With the hooks
in Postfix on Linux, it would be great to be able to call up Declude to do
the spam scanning. Postfix could receive the e-mail, pipe or send via SMTP
to Declude, which would scan for spam (and viruses would be even nicer)
I have been looking
at the documentation for whitelisting with Declude JunkMail and see that you can
whitelist a "from address" but don't see a reference to whitelisting a "to
address". If I have several hundred customers in an e-mail domain (say
example.com) hosted by my IMail server, and
Chuck, I would be interested in seeing your script, as well. Anyway help in
keeping the queue cleaned in an automated fashion works for me.
Thanks,
Bill
-Original Message-
From: Todd Holt [mailto:[EMAIL PROTECTED]]
Sent: Monday, May 20, 2002 1:59 PM
To: [EMAIL PROTECTED]
Subject: RE:
I think that is already available in the Pro version.
-Original Message-
From: Matt Robertson [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, May 21, 2002 9:12 AM
To: [EMAIL PROTECTED]
Subject: RE: [Declude.JunkMail] Enhancements - unknown sender must reply
to ack
Thanks and I want to push
queried, but if sequentially, what is the timeout interval for no response
received before it tries the next ip4r database?
Thanks for your response!
Regards,
Bill Landry
Director, Network Operations
Pointshare
Now Part of Siemens Medical Solutions Health Services Corporation
DID 425-468-0301
Great, thanks!
-Original Message-
From: R. Scott Perry [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, May 21, 2002 2:47 PM
To: [EMAIL PROTECTED]
Subject: Re: [Declude.JunkMail] Timing question
Scott, are the ip4r tests run sequentially or all ip4r databases queried at
the same time? The
Scott, as relays.osirusoft.com is one of the RBLs we query for spam, and
being the only one listed multiple times because of the various responses
that can come back, I'm wondering if there is a way to optimize the query if
I want to check all responses as valid. I have:
==
OSDUL
Good question, Paul, I was wondering the same thing.
Also, it appears that if you are running both Declude JunkMail and Virus,
that messages are filtered for spam first and are held if meeting the spam
tests. If my understanding is correct, that makes sense to me since it
saves on CPU cycles by
Wouldn't that also mean that we would need to turn off:
XINHEADER X-Spam-Tests-Failed: %TESTSFAILED%
as well, since people could also filter on this header? I have this
XINHEADER enabled right now, so I'm also wondering why about 1 out of 5 held
messages is missing the
I would prefer to JunkMail filter before virus scanning, so would you
consider setting up a special queue directory that we could move legitimate
e-mail messages that were held as spam so that Declude could periodically
parse the directory and virus scan any messages in there, and if clean move
Well, I guess it's nice to know that it will at least have a place in the
unlikely section of the database. It would seem to me that any large
IMail installation that is using Declude would want this because of the
potential huge CPU savings of not having to virus scan all junk mail, and
also
-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]] On Behalf Of Bill Landry
Sent: Friday, May 24, 2002 12:26 PM
To: '[EMAIL PROTECTED]'
Subject: RE: [Declude.JunkMail] Declude scans all emails
Well, I guess it's nice to know that it will at least have a place in
the
unlikely section
to learn.
John Tolmachoff
IT Manager, Network Engineer
RelianceSoft, Inc.
Fullerton, CA 92835
www.reliancesoft.com
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]] On Behalf Of Bill Landry
Sent: Friday, May 24, 2002 5:21 PM
To: '[EMAIL PROTECTED]'
Subject: RE
Legato in an active/active if it's possible.
Craig.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of Bill Landry
Sent: Friday, May 24, 2002 11:10 PM
To: '[EMAIL PROTECTED]'
Subject: RE: [Declude.JunkMail] Declude scans all emails
John, I'm sorry if I came off
I figured out
when the "X-Spam-Tests-Failed" header does
not get added to e-mail messages. It appears to happenwhen domains
are setup touse a"per-domain configuration". For example,
under the Declude directory we have a subdirectory named pointshare.com, and in
that directory we have a
Gulp..., well now, don't I feel foolish... :-[
After reading your e-mail I checked and found that the pointshare.com e-mail
messages also did not have the X-Note header (I had all XOUTHEADER headers
commented out in my global.cfg file). Had I happened to notice that X-Note
header was missing
I saw the follow
two X-RBL-Warning headers in an e-mail message:
X-RBL-Warning: ROUTING: This E-mail was routed in
a poor manner consistent with spam [6000410f].X-RBL-Warning: SPAMHEADERS:
This E-mail has headers consistent with spam [6000410f].
I was wondering
what the 6000410f
Interesting stats, Scott. I'm wondering where I can find out more about the
heuristics tests, how they work with Declude JunkMail and how to implement.
Thanks,
Bill
-Original Message-
From: R. Scott Perry [mailto:[EMAIL PROTECTED]]
Sent: Monday, June 03, 2002 2:01 PM
To: [EMAIL
Scott, to enable the HELOBOGUS test, do you just add a line to the
global.cfg file like:
HELOBOGUS ON
???
Bill
-Original Message-
From: R. Scott Perry [mailto:[EMAIL PROTECTED]]
Sent: Friday, June 07, 2002 8:51 AM
To: [EMAIL PROTECTED]
Subject: [Declude.JunkMail] Declude
Never mind, I just had a brain lapse.
-Original Message-
From: Bill Landry [mailto:[EMAIL PROTECTED]]
Sent: Friday, June 07, 2002 5:01 PM
To: '[EMAIL PROTECTED]'
Subject: RE: [Declude.JunkMail] Declude JunkMail v1.54 (beta) released
Scott, to enable the HELOBOGUS test, do you just add
efficient if
the tests were not run at all against whitelisted items.
Bill
-Original Message-
From: Bill Landry [mailto:[EMAIL PROTECTED]]
Sent: Friday, June 07, 2002 8:23 PM
To: '[EMAIL PROTECTED]'
Subject: RE: [Declude.JunkMail] Declude JunkMail v1.54 (beta) released
Scott, I had to revert
I'm not sure if you mean BLARSBL or DSBL, but I have been using both, and
DSBL-MULTI as well, for several months without issue. In fact, they have
worked quite well for me, so I've given each of them a weight of 6, with my
hold weight being 10.
BLARSBL ip4rblock.blars.org *
Use DSBALL at your own risk since entries are in fact unconfirmed and can
come from any source. The other two lists only accept entries from trusted
sources.
Bill
-Original Message-
From: Roger Heath [mailto:[EMAIL PROTECTED]]
Sent: Thursday, June 13, 2002 10:02 AM
To: Bill Landry
Hmmm, that's strange, because my DNS has always been hardcoded and ip4r
lookups still were not working for me with 1.54, but reverting back to 1.53
fix it for me.
Bill
-Original Message-
From: Rick Davidson [mailto:[EMAIL PROTECTED]]
Sent: Friday, June 14, 2002 7:43 AM
To: [EMAIL
then it started working
Have a great day!
Rick Davidson
Buckeye Internet Services
www.buckeyeweb.com
440-953-1900
-
- Original Message -
From: Bill Landry [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Friday, June 14, 2002 12:49 PM
Subject: RE: [Declude.JunkMail] BL tests failing to run
Hmmm
Hmmm, I would like to know more about this undocumented adult test that
Declude has--how does one implement it and what kinds of things does it look
for?
Thanks,
Bill
-Original Message-
From: Helpdesk [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, June 18, 2002 11:17 AM
To: [EMAIL
Is there an archive
of the JunkMail and Virus lists? I wanted to search on some of the
supposedly "undocumented" features of Declude JM like "adult", "heuristics", and
possibly any others that I am not aware of. Or, is there list of these
undocumented features somewhere that I can review?
Thanks Scott and Bill for the pointers to the archives. Scott, I've asked
this a couple of time, but have not gotten a response from anyone on the
list. Is there an adult test that can be run with JM or not?
Thanks,
Bill
-Original Message-
From: R. Scott Perry [mailto:[EMAIL
Is there some reason you are being vague about this, Scott? No problem, as
a paying customer of both Declude JunkMail Pro and Virus Pro, I will figure
it out myself and let others know who might ask the same question in the
future know how to setup the test.
Bill
-Original Message-
That will work. Thanks!
Bill
-Original Message-
From: R. Scott Perry [mailto:[EMAIL PROTECTED]]
Sent: Thursday, June 20, 2002 12:30 PM
To: [EMAIL PROTECTED]
Subject: Re: [Declude.JunkMail] Comment after whitelist ip entry?
Is it okay to place a comment after a whitelist ip entry
-Original Message-
From: R. Scott Perry
Could there be any per-user or per-domain settings accounting for this? Or
could the outgoing actions account for it?
Duh, outgoing actions--damn, forgot about that one. I'll do better research
on my end before posting to the list in the
received.
Regards,
Bill
-Original Message-
From: Russell Nelson [mailto:[EMAIL PROTECTED]]
Sent: Saturday, June 22, 2002 10:51 PM
To: Bill Landry
Subject: Re: Is DEWS out of service?
Bill Landry writes:
I have not been able to get resolution from the DEWS spam database for
several days
1. Can I place more than one DNS server in the global.cfg and will Declude
use the second one listed if the first becomes unavailable? E.g.:
DNS xxx.xxx.xxx.1
DNS xxx.xxx.xxx.2
We had an admin reload the server that Declude was pointed to for name
resolution today and so things were
Oh, BTW, I'm running Declude v1.55.
Bill
-Original Message-
From: Bill Landry [mailto:[EMAIL PROTECTED]]
Sent: Monday, June 24, 2002 8:38 PM
To: '[EMAIL PROTECTED]'
Subject: [Declude.JunkMail] A couple of questions...
1. Can I place more than one DNS server in the global.cfg
If you are using Compaq servers, you can install the Compaq LightsOut cards
in those servers and remotely control your servers via a web browser, even
reset and power-cycle them and watch them through the reboot process, and
even go into the BIOS if you need to. We have them in all of our data
Jim, my filter file is rather large (almost 1600 entries and growing). I
don't know if it is appropriate to post to the list, but I will send you a
copy off-line, if you like.
Bill
-Original Message-
From: Jim Rooth [mailto:[EMAIL PROTECTED]]
Sent: Sunday, July 28, 2002 12:59 PM
To:
Well, I'm sure that this one got caught by everyone's filters... ;-)
This message got a weight of over 200, and I hold at 12. Probably better to
send something like this as a zipped attachment.
Bill
-Original Message-
From: Todd Ryan [mailto:[EMAIL PROTECTED]]
Sent: Sunday, July 28,
Jim, with Declude, inbound messages are passed directly to Declude by IMail
for processing and if clean, then dropped directly into the spool directory
for delivery. If a legitimate message is held, you can simply move the Q
D files of the legit message into the spool directory and IMail will
Hey, that's great, no more searching for why a message did not get caught by
any spam tests!
Bill
-Original Message-
From: R. Scott Perry [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, July 30, 2002 8:18 AM
To: [EMAIL PROTECTED]
Subject: Re: [Declude.JunkMail] Declude JunkMail v1.57 (beta)
Hey, thanks Scott, as always, you're awesome!
Bill
-Original Message-
From: R. Scott Perry [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, July 30, 2002 10:15 AM
To: [EMAIL PROTECTED]
Subject: RE: [Declude.JunkMail] Declude JunkMail v1.57 (beta) released
Wishlist items:
1. send out rhsbl
Scott, I haven't tried this feature yet, but I was wondering if the REMOTEIP
feature will follow the IPBYPASS and HOP settings and ignore our mail
gateway ip addresses? These new features are really cool and add nice
functionality to the overall filter capabilities.
Thanks,
Bill
---
[This
Hmmm, let me reply to my own question with another question. When using the
REMOTEIP feature, with the IS flag, does it just look for an exact match
anywhere in the headers?
Bill
-Original Message-
From: Bill Landry [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, July 30, 2002 5:42 PM
Perfect!
Thanks,
Bill
-Original Message-
From: R. Scott Perry [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, July 30, 2002 6:00 PM
To: [EMAIL PROTECTED]
Subject: Re: [Declude.JunkMail] REMOTEIP feature question
Scott, I haven't tried this feature yet, but I was wondering if the
REMOTEIP
Tom, how about using:
XINHEADER X-SenderIP: [%REMOTEIP%]
since isn't is really the remote IP address that we are looking for, and not
necessarily the e-mail address? Or am I confused. What are we looking for
here, the original sending mail servers IP address or something else?
Bill
Actually, Tom, maybe it does not need to be a configurable button, if you
are already reading the GLOBAL.CFG file, where the filter file name and
location are defined.
Bill
-Original Message-
From: Bill Landry [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, July 31, 2002 2:55 PM
To: '[EMAIL
Scott, I guess I could test this, but I'm sure you can tell me off the top
of your head. When using the BODY search in the filter file, does Declude
search just the actual body of the e-mail message or does it search all
attachments, as well? I'm guessing it's just the actual body of the
Welcome to the list, George!
Wow, that really is an open-ended question. It really depends on how
aggressive you want to be with your spam filtering. After reading over the
manual that is maintained on the Declude download site, if you can give us
an idea of what you would like to accomplish
It really depends on what action you are taking on flagged messages. I
think the default is hold, if I remember correctly. With that, you can
simply review the held messages to see if there are any legitimate messages,
and if so, you can move them back into the IMail spool for delivery.
To
Oh, and I forgot to mention another cool tool that another Tom has made
available to the Declude JunkMail user community (those Tom's are great to
have on distribution list, aren't they) called Delog, which will parse
your JunkMail logs and generate a nicely formatted report of how each of
your
-Original Message-
From: R. Scott Perry [mailto:[EMAIL PROTECTED]]
In addition, I think that both Reserved space (IANA and RFC1918)
should get blackholed when hop 0 and inbound from the Internet.
That should not be a problem -- that would only happen if the spammer
forges their IP
That should do it.
Bill
-Original Message-
From: Kami Razvan [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, August 14, 2002 4:18 AM
To: JunkMail List
Subject: RE: [Declude.JunkMail] [Declude.Virus] korea.services.net
blacklist
This sounds quite interesting.
Would the statement in the
Declude.exe should be in the IMail root and the config files in the
IMail\Declude directory.
Bill
-Original Message-
From: Doris Dean [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, September 11, 2002 1:20 PM
To: [EMAIL PROTECTED]
Subject: Re: [Declude.JunkMail] Blacklist is still failing
Hmmm, probably not a good idea to post whitelisted e-mail domains on a
public list like this--you may be setting yourself and your hosted
users/customers up to be spammed by anyone, anywhere that would use a return
e-mail address from one of these whitelisted domains.
Bill
-Original
I would not recommend that anyone ever whitelist FROM addresses. Much
better to use a negative weight in a filter list where you at least have a
chance to still block potential spam attempts from these addresses.
Bill
-Original Message-
From: Tom [mailto:[EMAIL PROTECTED]]
Sent:
Title: Message
If you
are using the filter feature of Declude, add a negative weight for yahoo groups
to one or more of the tests in you filter file.
Bill
-Original Message-From: Kami Razvan
[mailto:[EMAIL PROTECTED]]Sent: Monday, October 14, 2002 5:29
AMTo: [EMAIL
I would not suggest just turning of the Messenger Alert Service as that is
just a Band-Aid to the real problem. I would strongly suggest that you head
Scott's advice and block all netbios ports at your firewall, or at a
minimum, at your boarder router. This kind of traffic should never be
Put a space after cum (without the quote marks, of course) in your filter
file and that will keep it from catching the users name.
Bill
-Original Message-
From: Greg Foulks [mailto:greg.foulks;nfti.com]
Sent: Tuesday, October 22, 2002 12:00 PM
To: [EMAIL PROTECTED]
Subject: RE:
Chuck, looks pretty cool to me, and I can see how this could be a nice way
for customers to manage their own spam rules. However, I wonder what the
effective load would be on an IMail/Declude JunkMail server with a large
customer base with all of the per-user files that would be required to make
OLDEMPLOYEE filter f:\IMail\Declude\oldemployee1.txt x 100 0
and this is the content of the employee1.txt file:
This may be a typo, but it does not appear here that the actual file name
employee1.txt and the config option in the Global.cfg oldemployee1.txt
are the same. Just something to look
FYI...
Original Message
Subject: An Announcement Regarding The Monkeys.Com Proxies List
Date: Sun, 17 Nov 2002 05:27:37 -
From: [EMAIL PROTECTED] (Ronald F. Guilmette)
Organization: Posted via Supernews, http://www.supernews.com
Newsgroups: news.admin.net-abuse.email
Scott, I was just wondering if the Adult test had been disabled in JunkMail?
I was getting some pretty good results from the test, but have noticed
lately that my reports are consistently showing the Adult test at 0. Just
wondering if I should remove the test from my Global.cfg.
Bill
---
[This
Won't matter if you have defined IPBYPASS for the backup MX's IP address,
because once the message is relayed to your IMail server by the backup MX,
Declude will then run its tests against the IP address that connected to the
backup MX, not the backup MX itself.
Bill
-Original Message-
Scott, what is hard coded to 256? My single filter list has over 2400
entries in it and it flags entries in the 2000 range all of the time, and
seems to be working great.
Bill
-Original Message-
From: R. Scott Perry [mailto:[EMAIL PROTECTED]]
Sent: Monday, December 16, 2002 10:01 AM
To:
Gotcha, thanks for the clarification.
Bill
-Original Message-
From: R. Scott Perry [mailto:[EMAIL PROTECTED]]
Sent: Monday, December 16, 2002 2:32 PM
To: [EMAIL PROTECTED]
Subject: RE: [Declude.JunkMail] Limit on number of filters (Or tests)
Scott, what is hard coded to 256?
Sorry, I
Scott, I think that this would be a great addon to JunkMail. A very small
percentage of our user even use web messaging (possibly because they don't
know it's available--we don't currently advertise it), so it would not be a
burden to most of our customers. Also, once you bookmark the link, it
Scott, I have been experimenting with some spam headers that our gateway
servers (Linux/Postfix/RAV AntiVirus) can add to potential spam messages.
One of the following four message headers can be added to a message based on
spam accuracy (or no header if the messages in not suspected of being
You may want to add ten entries into your filter file like:
MAILFROM 0 CONTAINS @list0
MAILFROM 0 CONTAINS @list1
MAILFROM 0 CONTAINS @list2
MAILFROM 0 CONTAINS @list3
MAILFROM 0 CONTAINS @list4
MAILFROM 0 CONTAINS @list5
MAILFROM 0 CONTAINS @list6
MAILFROM 0 CONTAINS @list7
MAILFROM 0 CONTAINS
John, I don't think that a space before the word does anything (unless
support for this has been added to JunkMail recently), but a space after the
word in the filter file would prevent basement from being flagged by the
work semen .
Bill
-Original Message-
From: [EMAIL PROTECTED]
The only way I can think of to currently block an e-mail address with an IP
after the @ symbol would be something like:
MAILFROM0 CONTAINS@1
MAILFROM0 CONTAINS@2
However, this would also flag e-mail addresses like:
[EMAIL PROTECTED]
[EMAIL PROTECTED]
this...
MAILFROM 0 ENDSWITH 0
MAILFROM 0 ENDSWITH 1
MAILFROM 0 ENDSWITH 2
...etc
-Original Message-
From: Bill Landry
Sent: Sun, 19 Jan 2003 13:15:57 -0800
Subject: RE: [Declude.JunkMail] Return address IP
The only way I can think of to currently block an e-mail address with an IP
after
Okay, thanks for the explanations.
Bill
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]] On Behalf Of R. Scott Perry
Sent: Tuesday, January 21, 2003 9:38 AM
To: [EMAIL PROTECTED]
Subject: Re: [Declude.JunkMail] JunkMail log entry questions
Scott, I found the
Title: Message
Scott, here are the
headers from a recent spam message, and I am wondering how "X-Declude-Sender"
came up with [EMAIL PROTECTED]as the sender address:
=
Received: from
gw2.pointshare.com [204.189.38.3] by intramail01.pointshare.net with
ESMTP (SMTPD32-7.13) id
Yep, use Spam Review, which can be found at
http://www.slsoft.com/spamreview.htm (it's a great freeware tool for
monitoring the spam hold directory and putting false-positives back into the
queue).
Bill
-Original Message-
From: Steve Jensen [mailto:[EMAIL PROTECTED]]
Sent: Saturday,
Scott, just wondering why these new tests use * instead of x for the
undefined variables. I tried using x and the results were not good. I
haven't tried using * yet, but will if that is what the undefined
variables should be for these new tests.
Bill
- Original Message -
From: R. Scott
Dan, what is the mailfromSTRICT test?
Bill
- Original Message -
From: Dan Patnode [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Thursday, March 20, 2003 2:31 PM
Subject: [Declude.JunkMail] Spaced Out
A new spammer technique, though he still managed to fail:
mailfromSTRICT
MAILFROM
Thanks for the explanation, Scott.
Bill
- Original Message -
From: R. Scott Perry [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Thursday, March 20, 2003 3:59 PM
Subject: Re: [Declude.JunkMail] Spaced Out
Its a much more sensitive (strict) version of MAILFROM. Weighted less
than
I got it, as well. It was sent from cpe-66-189-124-29.ma.charter.com, which
is the IP address that the Declude lists are hosted on, so it looks like it
was just a misfire, although it is strange that it did not come in with
any of the Declude subject lines and shows undisclosed-recipients: in the
I don't know if anyone is currently running the latest version of AlliGate
(formerly known as SpamManager) for Declude/IMail, but I have been running
if for the last week or so, and it has a bunch of new features and spam
tests that have greatly increased it's ability to flag spam.
The discussion
Global.cfg:
SPAMDOMAINS spamdomains F:\IMail\Declude\SpamDomains.txt x 5 0
SpamDomain.txt examples:
amazon.com
ameritech.net
aol.com
apple.com
@att. .att.
attbi.com
bellsouth.net
charter.net
comcast.
compuserve.com
concentric. .cnchost.com
@cox. .cox.
earthlink.
excite.com
geocities.com
Hmmm, I have only gotten the one from earlier
today. It does appear that they are coming from the Declude list server,
however: Received: from declude.com
[66.189.124.29]
Bill
- Original Message -
From:
Lester Brown
To: [EMAIL PROTECTED]
Sent: Friday, June 06, 2003
Those should work fine. What will not work is when the left part is listed
more than once with different right parts, the first match win and the
others will never be checked. For example, abc.com will always only match
the first line item here:
@abc.comxyz.com ---(Match and looks no
: [Declude.JunkMail] spamdomains list
Thanks for the clarification. In that example then, the way to go is:
@abc.comxyz.
:)
On Friday, June 6, 2003 16:12, Bill Landry [EMAIL PROTECTED] wrote:
Those should work fine. What will not work is when the left part is listed
more than once with different
Scott, with talk recently of optimization and efficiency, and where certain
tests should be conducted to save on CPU cycles. I was thinking that one
way to gain efficiency would be to NOT run Declude and third-party apps
(SpamChk, AlliGate/SpamManager, Sniffer, etc.) on whitelisted e-mails (virus
- Original Message -
From: John Tolmachoff (Lists) [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Tuesday, May 27, 2003 6:53 PM
Subject: RE: [Declude.JunkMail] Wish list reminder... :-)
Scott, with talk recently of optimization and efficiency, and where
certain
tests should be
So when might you be willing to share this new spam test with us...? :-)))
Bill
- Original Message -
From: R. Scott Perry [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Thursday, May 29, 2003 4:31 PM
Subject: Re: [Declude.JunkMail] new message header
I see new X-Spam-Prob: headers
One comment. Instead of having:
yahoo.com
yahoo.ca yahoo.com
yahoo.de yahoo.com
yahoo.dk yahoo.com
yahoo.es yahoo.com
yahoo.fr yahoo.com
yahoo.it yahoo.com
yahoo.no yahoo.com
yahoo.se yahoo.com
yahoo.co.jp yahoo.com
yahoo.co.uk yahoo.com
yahoo.com.ar yahoo.com
yahoo.com.au yahoo.com
yahoo.com.br
Scott, I have PREWHITELIST ON and WHITELIST IP 10.0.0.0/8 in my Global.cfg,
but I am still seeing:
==
05/30/2003 21:27:10 Q2f1b167300aa673e nNOLEGITCONTENT:-5 BODY-FILTER:20
SPAMCHECK:2 . Total weight = 17
05/30/2003 21:27:10 Q2f1b167300aa673e E-mail whitelisted - automatically
passing
Hmmm, this feature doesn't really help us then. Any thoughts about
including CIDR ranges in the PREWHITELIST feature?
Bill
- Original Message -
From: R. Scott Perry [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Saturday, May 31, 2003 5:46 AM
Subject: Re: [Declude.JunkMail] PREWHITELIST
They were just talking about this on the Postfix list today, as well.
Wietse Venema is the developer of Postfix. Attached is a question regarding
the Message ID, and his response. Interesting that this issue came up on
both lists today.
Bill
- Original Message -
From: R. Scott Perry
It probably just recently dropped out of the OSSRC database and possibly
your DNS that JunkMail is using still has the old entry cached.
Bill
- Original Message -
From: Todd Praski [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Wednesday, June 04, 2003 11:40 AM
Subject: [Declude.JunkMail]
Scott, since we have been discussing optimization techniques on this list
lately, I am wondering if in that effort you can do some logging
optimization, as well. See the attached JM log snippet and you will notice
that a single e-mail with 4 recipients gets written to the log 4 time, with
each
Title: Message
Why not:
@cs.com .aol.com
Bill
- Original Message -
From:
Kami
Razvan
To: [EMAIL PROTECTED]
Sent: Sunday, June 08, 2003 1:26 PM
Subject: [Declude.JunkMail] cs.com -
SPAMDOMAINS
Hi;
Does anyone know
what entry we should have for
1 - 100 of 679 matches
Mail list logo