RE: [Declude.JunkMail] Log Analyzer - Comments Needed

2003-02-28 Thread Darrell L.
Message- From: Darrell L. [mailto:[EMAIL PROTECTED] Sent: Thursday, February 06, 2003 11:35 AM To: [EMAIL PROTECTED] Subject: [Declude.JunkMail] Log Analyzer - Comments Needed *Sorry if this is outside the realm in which the forum should be used. Several of my customers have started

RE: [Declude.JunkMail] Where I'm At Now and Where Should I Be Going?

2003-02-28 Thread Darrell L.
In my experience SPAMCOP has been very good at weeding out SPAM and we hold/block using this test alone. We do occasionally get a false positive or two, but no more or less than any of RBL's that list known open relays. Darrell -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL

RE: Re[2]: DSN:Re: Re[2]: [Declude.JunkMail] A Question of Ethics

2003-02-27 Thread Darrell L.
I'll trust you on that, and apologize for the roundhouse classification. Yet in your several dozen cases where divorces were contemplated, employee terminations took place, even people who were sent back to prison and kids who have been grounded examples, clearly your

[Declude.JunkMail] Filtering on a header

2003-02-20 Thread Darrell L.
When you are attempting to filter on a header for example this header X-Mailer: The Bat! (v1.52f) Business Would the following line in my filter file work HEADERS 10 CONTAINS X-Mailer: The Bat! (v1.52f) Business Or should I use HEADERS 10 IS X-Mailer: The Bat! (v1.52f) Business Is

RE: [Declude.JunkMail] Tuning Declude

2003-02-20 Thread Darrell L.
Scott, But I guess the obvious question is why did the SPAMHEADERS return the lookup code [c040400f]? Darrell -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of R. Scott Perry Sent: Wednesday, February 19, 2003 3:24 PM To: [EMAIL PROTECTED] Subject: Re:

RE: [Declude.JunkMail] Filtering on a header

2003-02-20 Thread Darrell L.
Does anyone have a list or a similar resource to peruse. Darrell LaRock -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Sheldon Koehler Sent: Thursday, February 20, 2003 1:48 PM To: [EMAIL PROTECTED] Subject: Re: [Declude.JunkMail] Filtering on a header

RE: [Declude.JunkMail] Tuning Declude

2003-02-20 Thread Darrell L.
Is it possible then to have the tool on the website updated to reflect the information you provided below? i.e. BADHEADERS - Broken or missing date SPAMHEADERS - consecutive spaces in the subject I am sorry to beat this to death, it's just that when you use the tool it gives the perception that

[Declude.JunkMail] Whitelist Did not Work?

2003-02-03 Thread Darrell L.
The whitelisting of postmaster@ used to work, but this time it didn't. Any thoughts. 20030202 194515 127.0.0.1 SMTPD (958D00E6) [209.94.11.105] connect 148.78.247.23 port 56646 20030202 194515 127.0.0.1 SMTPD (958D00E6) [148.78.247.23] EHLO apollo.email.starband.net 20030202 194515

RE: [Declude.JunkMail] Whitelist Did not Work?

2003-02-03 Thread Darrell L.
Scott, Any plans on changing that? If you host a mail server that has many domains you sure can burn up a bunch of whitelist addresses quickly that way. Darrell Darrell LaRock -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of R. Scott Perry Sent:

[Declude.JunkMail] Logging

2003-01-29 Thread Darrell L.
When using MID for logging is the From: address comparable to the x-declude-sender? 01/29/2003 04:37:47 Qa0e78ee900be105a From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] Thanks Darrell

RE: [Declude.JunkMail] Message Sniffer holding all e-mails

2003-01-28 Thread Darrell L.
I have a registered version of Sniffer and for some reason for a couple hours I had the same problem. It was within several days of installing Sniffer although I had the registered version. We were never able to pin-point it to the Sniffer software, but something happened... Do you happen to

[Declude.JunkMail] Logfile Question

2003-01-24 Thread Darrell L.
Scott, Will declude transactions ever interleave in the log file? It appears they are always like this in the log file MESSAGE1 FAILED THIS MESSAGE1 FAILED THIS MESSAGE1 FAILED THIS MESSAGE2 FAILED THIS MESSAGE2 FAILED THIS Instead of this MESSAGE1 FAILED THIS MESSAGE1 FAILED THIS MESSAGE2

[Declude.JunkMail] External Test Writing

2003-01-23 Thread Darrell L.
I am in the process of working on a Log analyzer for Declude that can provide me with the information I need to report on each month. I wanted to include a Spam Subject reporting feature. In any of the log files (declude or Imail) I have been unable to find any references to subject. I have

RE: [Declude.JunkMail] External Test Writing

2003-01-23 Thread Darrell L.
Scott, Do you think it would be better to extract the info through a declude external test or bump up the logging? Darrell Darrell LaRock Information Systems Analyst Gannett Television 716-849-2272 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of R.

RE: [Declude.JunkMail] Results with our configuration

2003-01-23 Thread Darrell L.
John, From your post I gathered that your log level is at least mid. Is this a normal configuration or just a one time deal to look at the mail. Darrell Darrell LaRock Information Systems Analyst Gannett Television 716-849-2272 -Original Message- From: [EMAIL

[Declude.JunkMail] Negative Weight On A Domain Name

2003-01-21 Thread Darrell L.
If I was going to setup Negative Weight on certain domains instead of white listing them would I use just a standard sender blacklist with negative weight i.e. DereaseWeight fromfile C:\IMail\Declude\badaddresses.txt x 0 5 Then inside the file I would use @mail.southwest.com Since the Declude

RE: [Declude.JunkMail] Negative Weight On A Domain Name

2003-01-21 Thread Darrell L.
Just for clarification, The first weight is the weight applied if the test is failed, and the second weight is if the test is passed. In my case I would have @mail.southwest.com entered in the file and I want to decrease the weight of the mail if the message is from the @mail.southwest.com

RE: [Declude.JunkMail] Negative Weight On A Domain Name

2003-01-21 Thread Darrell L.
Scott, Thank you for the clarification, the end of your message was the intended behavior I was looking for. Darrell -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of R. Scott Perry Sent: Tuesday, January 21, 2003 10:21 AM To: [EMAIL PROTECTED]

[Declude.JunkMail] Bounce Message and the localhost variable

2003-01-21 Thread Darrell L.
I have domains that are local that I host and several domains that I am a gateway for. Now when a message gets bounced for a local domain the following line works fine. It will substitute the %localhost% for the domain that the message was addressed to. If you feel this message is in error

RE: [Declude.JunkMail] Passing SPAM that should be bounced

2003-01-15 Thread Darrell L.
Scott, Essentially all I am doing is acting as a gateway for another domain. This way they can utilize the virus scanning and spam detection we have in place. What I am trying to implement is called Acting as a gateway for domains on other servers in the manual. Now from the manual and what

RE: [Declude.JunkMail] Passing SPAM that should be bounced

2003-01-15 Thread Darrell L.
John Thanks for the follow-up. My confusion is in that Declude/Imail treat the domain I am gatewaying for as outgoing mail. Now with per domain settings it only references copying the $default$.JunkMail file to the per domain folder. However, the outgoing tests are defined in the global

RE: [Declude.JunkMail] Passing SPAM that should be bounced

2003-01-15 Thread Darrell L.
Scott, Things are starting to come together slowly now :) Correct me if I am wrong. Normally outgoing mail actions are specified in the Global.Config file. However, when using per domain settings it only looks at the actions in the $default$.JunkMail file for that domain. Thanks Darrell

[Declude.JunkMail] Passing SPAM that should be bounced

2003-01-14 Thread Darrell L.
It appears as if Declude is allowing mail that fails spam tests that have been funneled through our backup mail server to pass. #GLOBAL CONFIG IPBYPASS 12.25.87.100 Here is the relevant portion of logs and configs 20030114 162019 127.0.0.1 SMTPD (6B090098) [209.94.11.105] connect

RE: [Declude.JunkMail] Passing SPAM that should be bounced

2003-01-14 Thread Darrell L.
Scott, A couple of questions 1.) Since the mail was already incoming and has gone through all the spam checks inbound is there anyway to override the current behavior of discarding those results and actually have the message react to the incoming spam checks. 2.) If I can't override the default

[Declude.JunkMail] Sniffer Weight

2003-01-13 Thread Darrell L.
I am in the process of installing Sniffer this week. After some reading I noticed this on their website. IMPORTANT: Ebay, Yahoo groups, and other lists frequently include advertisements that may trigger matches in sniffer's rule base. While we are creating standard white-rules to mitigate the

[Declude.JunkMail] HELOBOGUS - WHY?

2003-01-08 Thread Darrell L.
I had this piece of mail fail the helobogus test. I am wondering why? Here are the message headers. Received: from babel.avstarnews.com [12.24.201.132] by mail1.gannett-tv.com with ESMTP (SMTPD32-7.12) id A6A397880132; Wed, 08 Jan 2003 17:30:59 -0500 Received: by BABEL with Internet Mail

RE: [Declude.JunkMail] Blacklisting based on % of bad addresses

2002-12-03 Thread Darrell L.
Several people have mentioned about getting bogged down with postmaster errors to return addresses. I assume you mean that you bounce messages from Declude. Is there any reason why people shy away from using bogus address on your system so the undeliverable messages are discarded? Darrell

[Declude.JunkMail] Bounce Message

2002-11-27 Thread Darrell L.
For those who have a small enough volume and bounce messages that fail your spam tests how do you word your bounce messages. For example we use the following line The message was rejected because it failed the following SPAM detection tests and has been marked as SPAM. This tends to get a few

[Declude.JunkMail] Product of HOP?

2002-11-27 Thread Darrell L.
Is this a product of HOP or a hiccup on spamcop's side? 11/26/2002 17:37:21 Qf79f094e00364534 Msg failed SPAMCOP (Blocked - see http://spamcop.net/bl.shtml?205.188.139.134). Action=WARN. 20021126 173719 127.0.0.1 SMTPD (094E0036) [152.163.225.100] EHLO imo-r04.mx.aol.com 20021126 173719

RE: Re: [Declude.JunkMail] Increase in SPAMCOP listing

2002-11-27 Thread Darrell L.
I had the same thing happen to me yesterday as well. Got several complaints from AOL users. Darrell LaRock -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Brian Milburn Sent: Wednesday, November 27, 2002 10:00 AM To: [EMAIL PROTECTED] Subject: DSN:Re:

[Declude.JunkMail] IPBYPASS - Not sure if this is working??

2002-11-20 Thread Darrell L.
I am not 100% sure IPBYPASS is working. I am running Declude 1.60. The following email was found in the spool directory. It has no markings that it was scanned by declude. Although checking the logs it failed many tests for declude. I did not find any markings in the file listed below that it

RE: [Declude.JunkMail] IPBYPASS - Not sure if this is working??

2002-11-20 Thread Darrell L.
Scott, What I was referring to with IPBYPASS is the 12.25.87.100 is a backup mail server that needed to be skipped. My HOP Settings are as follows HOP 0 HOPHIGH 2 I did not find any reference in the imail logs to the Q File. There was no other references in the log files pertaining to

RE: [Declude.JunkMail] IPBYPASS - Not sure if this is working??

2002-11-20 Thread Darrell L.
Scott, The logs still do not reflect that the mail was delivered. Although there are no traces of it in the spool directory. I also checked for locked files _* and did not find any. I do have a declude.gp1 and declude.gp2 but they are dated 10/16/2002. I understand there is not much to go on,

RE: [Declude.JunkMail] IPBYPASS - Not sure if this is working??

2002-11-20 Thread Darrell L.
It's hard to say what happened here. Are you sure that the D*.SMD file you looked at originally wasn't just an E-mail that was arriving on the server (in which case you may have opened it while Declude JunkMail was processing it, before it added its headers)?

RE: [Declude.JunkMail] Latest Statistics on the Kill list- Image`fx

2002-09-30 Thread Darrell L.
Tom, Is there any criteria to get listed on your list? I have noticed over the last couple of weeks that more and more sites that I would have thought would be legitimate are being listed? Here are a few for example. w2knews.com MONROECOUNTYGEORGIA.COM - bellnexxia.net - isp site for network

RE: [Declude.JunkMail] SpamReview Request - Delete All

2002-09-25 Thread Darrell L.
Delete All - Deletes all entries. ctrl+a del Delete All and Exit - Deletes all entries then exits (deleting deleted if switch is 'on') ctrl+a del alt+f4 Darrell -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Roger Heath Sent: Tuesday,

RE: [Declude.JunkMail] Wordfilter in BASE64?

2002-09-25 Thread Darrell L.
I believe from a previous posting someone mentioned Dell sends some email out encoded as Base64. Darrell -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Scott MacLean Sent: Wednesday, September 25, 2002 9:31 AM To: [EMAIL PROTECTED]

RE: [Declude.JunkMail] Whitelist Request

2002-09-18 Thread Darrell L.
What does networksolutions and verisign fail that you whitelist them? Darrell -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Charles Frolick Sent: Wednesday, September 18, 2002 12:46 PM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] Whitelist

RE: [Declude.JunkMail] OT - Listed on Spwes!

2002-09-17 Thread Darrell L.
I agree SPEWS is very aggressive when it comes to blocking. SPEWS likes to block adjacent netblocks in order to get legitimate customers to pressure the ISP. To get removed from the SPEWS list it takes practically an act of God to get something removed. They say for you to post to the NANAE

RE: [Declude.JunkMail] OT - Listed on Spwes!

2002-09-17 Thread Darrell L.
If you are a victim of a spews adjacency - depending on the ISP they may work with you to give you a clean netblock not in SPEWS. Darrell -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of John Tolmachoff Sent: Tuesday, September 17, 2002 2:54 PM To:

RE: [Declude.JunkMail] School system needs advice

2002-09-04 Thread Darrell L.
in these type of scenarios. I just want the best product for the job and feel that it will include Declude, whether it means a new config or adding Message Sniffer. -Curtis On 9/3/2002 5:21 PM, Darrell L. [EMAIL PROTECTED] wrote: Does anyone have suggestions on how I can quickly tune Declude JunkMail

RE: [Declude.JunkMail] School system needs advice

2002-09-03 Thread Darrell L.
Does anyone have suggestions on how I can quickly tune Declude JunkMail to provide a decent-quality result? I generally like Declude (especially Virus), but a flashy corporate package tends to look good to management types and failure seems to be more accepted if it comes from a multi-million

RE: [Declude.JunkMail] Variables For Alerts And Bounces

2002-08-19 Thread Darrell L.
Weight of 16 reaches or exceeds the limit of 10. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Darrell L. Sent: Monday, August 19, 2002 9:44 AM To: [EMAIL PROTECTED] Subject: [Declude.JunkMail] Variables For Alerts And Bounces I am testing the bounce

[Declude.JunkMail] What Action Do you take?

2002-08-02 Thread Darrell L.
I am sure most people use the weighting system. For the most part you have certain weights where you know that 99% of the mail triggering that weight is spam. Do you BOUNCE, HOLD, Or DELETE? Right now I am using HOLD, but was considering switching that to BOUNCE. There are definitely some

[Declude.JunkMail] Log Files

2002-08-01 Thread Darrell L.
What is the difference between 08/01/2002 16:51:25 Q9f490135007eeff8 R1 Message OK 08/01/2002 16:51:25 Q9f490135007eeff8 L2 Message OK 08/01/2002 16:51:50 Q9f610136007e4e35 L1 Message OK When a message is R1 L2 or L1? Darrell

[Declude.JunkMail] WEIGHT20 Problem

2002-07-30 Thread Darrell L.
I have a weight setup for WEIGHT20, but it was commented out in my default.junkmail file but the logs showed an actual message that failed this test even though it was commented out. Using Version 1.57 beta, did not see this happen with 1.55b. $default$.junkmail WEIGHT15HOLD #WEIGHT20

[Declude.JunkMail] Whitelist Not Working What Am I doing wrong

2002-07-29 Thread Darrell L.
I add the following line to my global.cfg file WHITELIST IP 66.54.32.* However, messages from the 66.54.32.* subnet are not being WhiteListed. What am I doing wrong? Darrell Received: from [66.54.32.207] by mail1.gannett-tv.com (SMTPD32-7.11) id A3743F003C; Mon, 29 Jul 2002 16:20:04 -0400

RE: [Declude.JunkMail] Whitelist Not Working What Am I doing wrong

2002-07-29 Thread Darrell L.
PROTECTED]] On Behalf Of Darrell L. Sent: Monday, July 29, 2002 4:34 PM To: [EMAIL PROTECTED] Subject: [Declude.JunkMail] Whitelist Not Working What Am I doing wrong I add the following line to my global.cfg file WHITELIST IP 66.54.32.* However, messages from the 66.54.32.* subnet are not being

RE: [Declude.JunkMail] Whitelist Not Working What Am I doing wrong

2002-07-29 Thread Darrell L.
Scott, In the new version is it even able to more refined subnets like 1.1.1.16/28? Darrell -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of R. Scott Perry Sent: Monday, July 29, 2002 4:41 PM To: [EMAIL PROTECTED] Subject: Re: [Declude.JunkMail]