RE: [Declude.JunkMail] SPAMDOMAINS update for the att conglomerate

[Keith Johnson]

John,

Can you list multiple REVDNS on a single line when using spamdomains?

For example

@bellsouth.net  .bellsouth. isp.att.

Thanks,

Keith

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John
T (lists)
Sent: Monday, August 20, 2007 10:55 AM
To: declude.junkmail@declude.com
Subject: [Declude.JunkMail] SPAMDOMAINS update for the att conglomerate

Does anyone have an updated listed for SPAMDOMAINS test for the AT  T
conglomerate?

I know there is .att. and bellsouth.com and sbc.com but what else is
there
that could originate from an att.com REVDNS?

John T




---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.JunkMail.  The archives can be found
at http://www.mail-archive.com.



---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.JunkMail.  The archives can be found
at http://www.mail-archive.com.

RE: [Declude.JunkMail] Slipping through Declude

[Keith Johnson]

John,

In text is below:

What version of Declude?

4.3.16

Is that the entire message?

Yes, I attached 3 message headers

Have you reviewed the IMail SMTP log for the message, and check of a
queue
run just happened to fire at that time?

No smtp or Decludeproc restarts in log.  What is unique is that all 4
messages contained the same body although from different sources.  Still
awaiting Linda's response at Declude.

Thanks,

Keith

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of
Keith
Johnson
Sent: Saturday, February 03, 2007 1:09 PM
To: declude.junkmail@declude.com
Subject: [Declude.JunkMail] Slipping through Declude

It has been rare, although not uncommon, that from time to time I will
see
emails slip through and not scanned by Declude, however, today I have
gotten
5 in a row carrying the same, or similar, body information and no
insertion
of X-tags.  I have attached a header that illustrates this.  Is anyone
else
seeing this same type of email come through your system unscanned?  I
have
sent this off to Declude Support for further looks. 
 
-Keith


---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.JunkMail.  The archives can be found
at http://www.mail-archive.com.



---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.JunkMail.  The archives can be found
at http://www.mail-archive.com.



---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.JunkMail.  The archives can be found
at http://www.mail-archive.com.

[Declude.JunkMail] AVG Questions

[Keith Johnson]

Support,
 
What is the best way to tell what signature version I am running with the 
onboard AVG engine?  Also, how do I manually pull down a signature if I need to 
update before the automatic download interval?  Thanks for the aid.
 
Keith


---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.JunkMail.  The archives can be found
at http://www.mail-archive.com.

RE: [Declude.JunkMail] 30511 problem

[Keith Johnson]

David,
Do you have an exhaustive explanation of what exactly each of
the new commands does?  I have seen a tremendous amount of emails to
alter this and alter that, however, what does it actually do and how
does one affect the other?  Thanks for the aid.

Keith

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of David Barker
Sent: Tuesday, October 25, 2005 9:39 AM
To: Declude.JunkMail@declude.com
Subject: RE: [Declude.JunkMail] 30511 problem


Randy try changing

WAITFORMAIL 1500

To

WAITFORMAIL 500

See if that changes the delay.

David B
www.declude.com

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of GlobalWeb.net
Webmaster
Sent: Monday, October 24, 2005 7:16 PM
To: Declude.JunkMail@declude.com
Subject: RE: [Declude.JunkMail] 30511 problem

We upgraded to 3.0.5.11 tonight - big difference in CPU in that it's way
down from the 3.0.5.5 - 
but proc folder will accumulate approx 35-50 messages before it'll dump
them to the work folder.  Do not see any problems so far except for the
second or two delay in this...

We have in our declude.cfg:
THREADS 50
WAITFORMAIL 1500
WAITFORTHREADS  1000
WAITBETWEENTHREADS  1




Sincerely,

Randy Armbrecht
Global Web Solutions, Inc.
804-346-5300 x112
877-800-GLOBAL (4562) x112
http://globalweb.net



-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Harry
Vanderzand
Sent: Monday, October 24, 2005 1:52 PM
To: Declude.JunkMail@declude.com
Cc: 'Technical Support'
Subject: RE: [Declude.JunkMail] 30511 problem

Dual Xeon 3.4Ghz 2GB ram  imail 8.05 declude, sniffer  invurbl

The issue is that without changing anything other than going to 3.05.11
this occurs

It appears that processing has changed

If I could get some idea from Declude about this. 

Maybe I have to change my declude.cfg?

It currently is

threads 20
waitformail 500
waitforthreads 1500
waitbetweenthreads 100

Harry Vanderzand
inTown Internet  Computer Services
11 Belmont Ave. W., Kitchener, ON,N2M 1L2
519-741-1222

 

 -Original Message-
 From: [EMAIL PROTECTED]
 [mailto:[EMAIL PROTECTED] On Behalf Of John Carter
 Sent: Monday, October 24, 2005 1:30 PM
 To: Declude.JunkMail@declude.com
 Subject: RE: [Declude.JunkMail] 30511 problem
 
 Interesting ... .11 is working for me better than any
 previous version -- proc and work are quickly cleared.  
 
 What process is jumping the CPU up so high? Decludeproc or
 the anti-virus
 scanner(s) or something else?  How about some more info (CPU, 
 RAM, declude.cfg contents, do you run AVAFTERJM?, that kind of thing.)
 
 John
 
 
 
 -Original Message-
 From: [EMAIL PROTECTED]
 [mailto:[EMAIL PROTECTED] On Behalf Of
 Harry Vanderzand
 Sent: Monday, October 24, 2005 12:10 PM
 To: Declude.JunkMail@declude.com
 Subject: [Declude.JunkMail] 30511 problem
 
 When I switch from 3.05.9 to 3.05.11 CPU usage goes up
 considerably and mail gets processed much slower and starts 
 to backlog.
 
 I have had to switch back to 3.05.9
 
 Harry Vanderzand
 inTown Internet  Computer Services
 11 Belmont Ave. W., Kitchener, ON,N2M 1L2
 519-741-1222
 
 
 ---
 This E-mail came from the Declude.JunkMail mailing list.  To
 unsubscribe, just send an E-mail to [EMAIL PROTECTED], and 
 type unsubscribe Declude.JunkMail.  The archives can be 
 found at http://www.mail-archive.com.
 
 
 ---
 This E-mail came from the Declude.JunkMail mailing list.  To
 unsubscribe, just send an E-mail to [EMAIL PROTECTED], and 
 type unsubscribe Declude.JunkMail.  The archives can be 
 found at http://www.mail-archive.com.
 
 


---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type
unsubscribe Declude.JunkMail.  The archives can be found at
http://www.mail-archive.com.

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type
unsubscribe Declude.JunkMail.  The archives can be found at
http://www.mail-archive.com.


---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type
unsubscribe Declude.JunkMail.  The archives can be found at
http://www.mail-archive.com.
---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.JunkMail.  The archives can be found
at http://www.mail-archive.com.

RE: [Declude.JunkMail] DomainKeys

[Keith Johnson]

John,
 
 Is 3.0.5.5 100% stable?  I have seen numerous posts on this forum 
about ongoing issues with MAILFROM (triggering on local unauth. domains), 
COUNTRY Test and with Multi-Procs (especially above 100K volume per day).  I 
have a call into Declude support on the above to see what is being addressed, 
especially with Multiple Processors in place.  
 
Keith 
 
 



From: [EMAIL PROTECTED] on behalf of John T (Lists)
Sent: Mon 10/10/2005 5:54 PM
To: Declude.JunkMail@declude.com
Subject: [Declude.JunkMail] DomainKeys



Good, bad, indifferent?

Now that 3.0.5.5 is out and stable, any thoughts of including a test for
DomainKeys into Declude?

John T
eServices For You



---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.JunkMail.  The archives can be found
at http://www.mail-archive.com.


winmail.dat

RE: [Declude.JunkMail] new root server B address

[Keith Johnson]

Davebe,
 Wow, you read my mind.  I saw this as well this week on my Linux dns 
box.  Thanks for the update.
 
Keith



From: [EMAIL PROTECTED] on behalf of Dave Doherty
Sent: Sat 9/24/2005 10:12 PM
To: Declude.JunkMail@declude.com
Subject: [Declude.JunkMail] new root server B address



Hi, all-

I was catching up on some stuff tonight and discovered that I still had the
old address for the B root server in my cache.dns files. This changed over a
year ago, but I missed it at the time. Just in case you also missed it, I
thought I would pass it along.

The new address for b.root-servers.net is 192.228.79.201

If you have another address for b.root-servers.net, you should change it.

-Davbe Doherty
 Skywaves, Inc.


---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.JunkMail.  The archives can be found
at http://www.mail-archive.com.


winmail.dat

RE: [Declude.JunkMail] declude / spamassassin

[Keith Johnson]

Nick,
   If you don't mind, is SA heavy on the CPU?  What kinda load are
you running with SA?  We are wanting to pursue it, however, Sanford had
mentioned awhile back it would be heavy on the CPU.  Thanks again,

Keith

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Nick Hayer
Sent: Tuesday, September 20, 2005 5:44 PM
To: Declude.JunkMail@declude.com
Subject: Re: [Declude.JunkMail] declude / spamassassin



Travis Sullivan wrote:

 So, the only thing I will see in the headers is the total score SA
 results:

 X-RBL-Warning: SPAMASSASSIN: Message failed SPAMASSASSIN: 3.

 And declude scores only for the test group, like other tests in the
 global.cfg file?

Correct. Very slick huh? And good job getting it to go!
-Nick


 Travis
 ---
 This E-mail came from the Declude.JunkMail mailing list.  To 
 unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type 
 unsubscribe Declude.JunkMail.  The archives can be found at 
 http://www.mail-archive.com.


---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type
unsubscribe Declude.JunkMail.  The archives can be found at
http://www.mail-archive.com.
---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.JunkMail.  The archives can be found
at http://www.mail-archive.com.

RE: [Declude.JunkMail] declude / spamassassin

[Keith Johnson]

Travis,
 In your setup, your Declude is running on a Windows 2k/2003 box calling 
your SA server on a Linux box on the same local network?  I guess the speeds 
are much the same as quering a local DNS server for lookups.  Sounds great, I 
will have look into this, my loads are around the same for our three servers.  
Thanks again,
 
Keith



From: [EMAIL PROTECTED] on behalf of Travis Sullivan
Sent: Tue 9/20/2005 6:31 PM
To: Declude.JunkMail@declude.com
Subject: Re: [Declude.JunkMail] declude / spamassassin



Nick,
   If you don't mind, is SA heavy on the CPU?  What kinda load are
you running with SA?

I have 3k plus users getting 300k emails per day... my SA is running on a
linux server, P4 2ghz... no increase in load when I started using SA with
declude today.

The best config I have set is:
SPAMASSASSIN externalnonzero e:\imail\declude\spamd\spamc32.exe -d
209.215.97.193 -r -lt 4 -et 6 -f 3  0

I 'think' so far that spamassassin only reports if SA's score is 4 or more,
if so, I score it a 3 on the email test.  I am still playing with the values
to tune the system.

thanks for everyone's help today.  I hope to have MRTG running reports on
declude soon to show some statistics.

Travis

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.JunkMail.  The archives can be found
at http://www.mail-archive.com.


winmail.dat

RE: [Declude.JunkMail] RBL's becoming worthless...

[Keith Johnson]

Scott,
What type of speed are you getting from using the invuribl?  We
take in/out well over 70K emails per day on each server, 1 of them takes
in/out 150K.  As I understand it, it is very CPU intensive.  Thanks for
the aid.

Keith 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Scott Fisher
Sent: Wednesday, July 27, 2005 9:45 AM
To: Declude.JunkMail@declude.com
Subject: Re: [Declude.JunkMail] RBL's becoming worthless...

-Marcus:

Here's my invuribl config file...
I add points for being on various URI lists up to a max of 200.
Subject tag at 100, hold at 200, delete at 300:

?xml version=1.0 encoding=utf-8 ?
configuration
  appSettings

!--License Key Required For invURIBL To Run--
add key=License_Key value=mykey /

 !--Enables the use of an exception file for domains that should be 
skipped--
add key=Enable Exceptions File value=true /

!--Path and Filename of the log file.  If left blank the log file
will be generated in--
!--the same directory as the executable.  If you have  listed
in the file--
!--name it will be replaced with MMDD (Month and Day).--
add key=LogFile_Path value=invuribl-logfile.txt /

!-- Options: NORMAL, HIGH, VERBOSE, NONE--
add key=Log_Mode value=HIGH /

!-- If the passed in weight exceeds this value, invURIBL will exit
without --
!-- running any of the configured tests --
add key=SKIPWEIGHT value=500 /

!-- If the accumulated weight exceeds the value listed below
invURIBL will --
!-- return the MAXWEIGHT value --
add key=Enable_Max_Weight value=true /
add key=MAXWEIGHT value=200 /

!-- invURIBL will exit when the first domain in either the URI or
RBL list. --
!-- If the domain is listed in the URI list the associated RBL
lists will be checked --
!-- as well before the application will exit --
add key=Stop_At_First_Match value=true /

!--DNS Server Timeout: Number of seconds that invURIBL will wait
for a response from the DNS Server (Beta 5)--
add key=DNS_Server_Timeout value=2 /

!-- This is the URIBL That The Domains Will Be Checked Against --
add key=URIBL_List1 value=multi.surbl.org /

!-- Will return the last octet as the weight.  If Custom Bitmask
Values Are Enabled--
!-- their values will take precedence over this setting --
!-- add key=URIBL_Return_Result_As_Weight value=false / --

!-- Weight added to the result code or custom bitmask total. --
add key=URIBL_Weight_List1 value=0 /

!--Allows you to override the normal values for bitmasks for a
custom return weight--
add key=Enable_Custom_Bitmask_Values_URIBL_List1 value=true /

!--If using multi.surbl.org see
http://www.surbl.org/lists.html#multi
for which lists correspond --
!--to which bitmask values --
add key=URI_Bitmask_BitValue_1_Weight_URIBL_List1 value=0 /
add key=URI_Bitmask_BitValue_2_Weight_URIBL_List1 value=100 /
add key=URI_Bitmask_BitValue_4_Weight_URIBL_List1 value=50 /
add key=URI_Bitmask_BitValue_8_Weight_URIBL_List1 value=100 /
add key=URI_Bitmask_BitValue_16_Weight_URIBL_List1 value=100 /
add key=URI_Bitmask_BitValue_32_Weight_URIBL_List1 value=100 /
add key=URI_Bitmask_BitValue_64_Weight_URIBL_List1 value=50 /
add key=URI_Bitmask_BitValue_128_Weight_URIBL_List1 value=0 /

!--URI LIST 2--
add key=URIBL_List2 value=xs.surbl.org /
add key=URIBL_Weight_List2 value=50 /
add key=Enable_Custom_Bitmask_Values_URIBL_List2 value=false /
add key=URI_Bitmask_BitValue_1_Weight_URIBL_List2 value=0 /
add key=URI_Bitmask_BitValue_2_Weight_URIBL_List2 value=0 /
add key=URI_Bitmask_BitValue_4_Weight_URIBL_List2 value=0 /
add key=URI_Bitmask_BitValue_8_Weight_URIBL_List2 value=0 /
add key=URI_Bitmask_BitValue_16_Weight_URIBL_List2 value=0 /
add key=URI_Bitmask_BitValue_32_Weight_URIBL_List2 value=0 /
add key=URI_Bitmask_BitValue_64_Weight_URIBL_List2 value=0 /
add key=URI_Bitmask_BitValue_128_Weight_URIBL_List2 value=0 /

!--URI LIST 3--
add key=URIBL_List3 value=multi.uribl.com /
add key=URIBL_Weight_List3 value=0 /
add key=Enable_Custom_Bitmask_Values_URIBL_List3 value=true /
add key=URI_Bitmask_BitValue_1_Weight_URIBL_List3 value=0 /
add key=URI_Bitmask_BitValue_2_Weight_URIBL_List3 value=50 /
add key=URI_Bitmask_BitValue_4_Weight_URIBL_List3 value=0 /
add key=URI_Bitmask_BitValue_8_Weight_URIBL_List3 value=0 /
add key=URI_Bitmask_BitValue_16_Weight_URIBL_List3 value=0 /
add key=URI_Bitmask_BitValue_32_Weight_URIBL_List3 value=0 /
add key=URI_Bitmask_BitValue_64_Weight_URIBL_List3 value=0 /
add key=URI_Bitmask_BitValue_128_Weight_URIBL_List3 value=0 /

!--Enables the checking of the URI's name servers against an RBL.
--
!--If the name servers are listed in the RBL the defined weight
will --
!--be added.  You also have an option to skip looking up the
nameservers --
!--if the URI is 

[Declude.JunkMail] OT-Netcraft Phishing Pheed

[Keith Johnson]

Just an fyi.  Seems like we could have Declude query a public database
of sites.  Worth a look.

Keith 


For what it's worth, Netcraft has announced that it is making
available to ISPs, hosting companies, etc., a feed of it's
phishing sites etc.

http://news.netcraft.com/archives/2005/04/19/netcraft_phishing_site_feed
_available.html



---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.JunkMail.  The archives can be found
at http://www.mail-archive.com.

RE: [Declude.JunkMail] OT-Netcraft Phishing Pheed

[Keith Johnson]

Darrell,
I emailed that sales address to see what they are going to
charge.  

Keith 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Darrell
([EMAIL PROTECTED])
Sent: Friday, May 13, 2005 11:18 AM
To: Declude.JunkMail@declude.com
Subject: Re: [Declude.JunkMail] OT-Netcraft Phishing Pheed

Too bad it appears as if it is going to be fee based. 

Please contact us ([EMAIL PROTECTED]) for pricing, giving details of
the mail server (e.g. sendmail, qmail ...) and/or proxy server (e.g.
Squid, Apache ...) or other program that you would like it to interface,
and the approximate number of users you have. 

Darrell 

 

Check out http://www.invariantsystems.com for utilities for Declude And
Imail.  IMail/Declude Overflow Queue Monitoring, SURBL/URI integration,
MRTG Integration, and Log Parsers. 

Keith Johnson writes: 

 Just an fyi.  Seems like we could have Declude query a public database

 of sites.  Worth a look.
 
 Keith
 
 
 For what it's worth, Netcraft has announced that it is making 
 available to ISPs, hosting companies, etc., a feed of it's phishing 
 sites etc.
 
 http://news.netcraft.com/archives/2005/04/19/netcraft_phishing_site_fe
 ed
 _available.html
 
  
 
 ---
 This E-mail came from the Declude.JunkMail mailing list.  To 
 unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type 
 unsubscribe Declude.JunkMail.  The archives can be found at 
 http://www.mail-archive.com.
 

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type
unsubscribe Declude.JunkMail.  The archives can be found at
http://www.mail-archive.com.

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.JunkMail.  The archives can be found
at http://www.mail-archive.com.

RE: [Declude.JunkMail] SMD Files

[Keith Johnson]

Darrell,
 Did you prior adjust your TcpWindowSize value?  
 
Keith

-Original Message- 
From: [EMAIL PROTECTED] on behalf of Darrell ([EMAIL PROTECTED]) 
Sent: Sat 4/23/2005 10:30 AM 
To: Declude.JunkMail@declude.com 
Cc: 
Subject: Re: [Declude.JunkMail] SMD Files


Not saying this is your problem - but...  If you have applied the KB 
893066 patch from the latest round of MS Patches you may want to look into 
that.  We have seen substantial issues with this patch internally and 
externally.
 
Darrell
---
invURIBL - Intelligent URI filtering plug-in for Declude.  Stops 85% of 
the
SPAM with the default configuration.  Try it for free - 
http://www.invariantsystems.com

- Original Message - 

From: Kyle Fisher mailto:[EMAIL PROTECTED]  
To: Declude.JunkMail@declude.com 
Sent: Saturday, April 23, 2005 2:40 AM
Subject: RE: [Declude.JunkMail] SMD Files


Ok thanks John.  Why do you think this just started happening 
the past 3 days I went from about 200 spool files to 1000 during the day and 
then 2 days later there are all of those left over files.

 

Do you mean the SMTP session from the client.  I have had some 
complaints (for about two weeks) from clients (connected by T1) saying they are 
getting SMTP errors occasionally.  They  have there client set to check mail 
every 5 minutes and throughout the day they get SMTP connection errors.

 

I mean I really dont know I am just searching at this point, 
but thanks for the info

 

Kyle

 


  _  


From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of 
John Tolmachoff (Lists)
Sent: Saturday, April 23, 2005 12:28 AM
To: Declude.JunkMail@declude.com
Subject: RE: [Declude.JunkMail] SMD Files

 

T files are incomplete Q files, where by some how the SMTP 
session was not completed. They along with the associated D file can be 
deleted. The reason it looks like they have already been sent is that the 
sending server/user upon disconnection of the SMTP session the resent the 
message in full.

 

John T

eServices For You

 

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of 
Kyle Fisher
Sent: Friday, April 22, 2005 2:49 PM
To: Declude.JunkMail@declude.com
Subject: RE: [Declude.JunkMail] SMD Files

 

Looking at some of these it looks like they have already been 
sent and it is trying to resend them again.  Also in some of these it is going 
to [EMAIL PROTECTED] 

 


  _  


From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of 
Kyle Fisher
Sent: Friday, April 22, 2005 3:50 PM
To: Declude.JunkMail@declude.com
Subject: [Declude.JunkMail] SMD Files

 

I am trying to find the article that explains the build up of 
Txx.smd and Dxx.smd files in the spool directory.  The past few days I 
have quite a few of these hanging around in the spool directory.

 

Here is a sample of whats in the files.  Some are from my 
local clients and some or from other mail servers.

 

Kyle

 

Imail 8.15

2.0.6 Junkmail and Antivirus

3.16b F-Prot

Message Sniffer 2.3

 

D03bc03690136cf5a.SMD

 

Received: from gwmsrm42 [172.16.52.2] by esc5.net with ESMTP

  (SMTPD32-8.15) id A3BC3690136; Thu, 21 Apr 2005 14:49:16 -0500

 

 

T03bc03690136cf5a.SMD

 

QD:\IMail\spool\D03bc03690136cf5a.SMD

Hesc5.net

I03bc03690136cf5a

X1

WE:\IMail

E0,

R[EMAIL PROTECTED]

S[EMAIL PROTECTED]

NRCPT TO: [EMAIL PROTECTED]

R[EMAIL PROTECTED]

 

winmail.dat

RE: [Declude.JunkMail] Error 183 in Declude Virus and double processing in Declude JunkMail during heavy load

[Keith Johnson]

Matt,
 I had this same exact issue, with exact same 
symptoms(Win 2000 SP4) and I called Declude on it a few weeks ago. 
Eventually, I just copied in a new Declude 1.82.exe file and reinstalled my 
scanners and the issue went away. I saw the same Error starting scanner 
and the Error 183. I went on the assumption that my scanners got corrupted 
and thus deinstalled them and reinstalled them. I thought it was just my 
server, but it seems it could be a broader issue.

Keith 
Johnson



From: [EMAIL PROTECTED] 
[mailto:[EMAIL PROTECTED] On Behalf Of 
MattSent: Monday, April 18, 2005 4:10 PMTo: 
Declude.JunkMail@declude.comCc: 
[EMAIL PROTECTED]Subject: [Declude.JunkMail] Error 183 in Declude 
Virus and double processing in Declude JunkMail during heavy 
load
This is primarily meant for Declude's support, but I am sending it to 
the list in the event that the broader scrutiny might be beneficial.I'm 
currently running Declude 1.82 and Windows 2003 SP1. It appears that under 
heavy load I am seeing errors from both Declude Virus and Declude JunkMail, and 
it seems possible that while the errors are triggered by the heavy load, the 
conditions created might be avoidable. It seems likely that either IMail 
or Declude is producing the problem.I have a client that has a Web 
server that pumps out about 350 E-mails every night in rapid succession from 
their Web server. This has been causing issues pretty much every 
night. Declude Virus throws about a half dozen or so errors during this 
blast saying "Error 183 creating temp directory [path]", and when this happens, 
it seems to always do this multiple times for the same file name. Declude 
JunkMail seems to also double, tipple, quadruple, etc., process the same files 
when this happens, which is noted in both the logs as well as the headers that 
it inserts in the E-mail. I sometimes find these multiple-processed files 
stranded in my spool without a Q file. I'm not sure what conditions 
associated with the load are causing this, but this can also happen at other 
times outside of this nightly blast when the CPU's are being pegged.I'm 
sharing the associated headers and log file entries in the hopes of helping to 
identify the source of the issue and also potentially resolving it. Here 
is a copy of each for one such 
message:HEADERS==Received: 
from mx1.mailpure.com [208.7.179.200] by mail.mailpure.com with ESMTP 
(SMTPD32-8.15) id A039545F00E0; Thu, 14 Apr 2005 01:31:37 -0400Received: 
from DH04 ([###.###.###.###]) by mx1.mailpure.com with Microsoft 
SMTPSVC(6.0.3790.211); Thu, 14 Apr 2005 01:31:34 
-0400Received: from mail pickup service by DH04 with Microsoft 
SMTPSVC; Thu, 14 Apr 2005 01:30:49 -0400From: [EMAIL PROTECTED]To: 
[EMAIL PROTECTED]Subject: 
Nightly Email update from [Company Name]Date: Thu, 14 Apr 2005 01:30:49 
-0400Message-ID: 
[EMAIL PROTECTED]MIME-Version: 
1.0Content-Type: multipart/alternative; 
boundary="=_NextPart_000_0001_01C54091.8C5A7060"X-Mailer: Microsoft CDO 
for Windows 2000Thread-Index: 
AcVAsxNWnH6Lzk2RRyizH9lhpqD3BQ==Content-Class: 
urn:content-classes:messageX-MimeOLE: Produced By Microsoft MimeOLE 
V6.00.2800.1441X-OriginalArrivalTime: 14 Apr 2005 05:30:49.0363 (UTC) 
FILETIME=[1DD32E30:01C540B3]Return-Path: [EMAIL PROTECTED]X-MailPure: 
X-MailPure: 
FORGEDFROM: Message failed FORGEDFROM test (weight 2).X-MailPure: 
X-MailPure: 
Spam Score: 2X-MailPure: Scan Time: 14 Apr 2005 at 01:34:15 
-0400X-MailPure: Spool File: D0039545f00e0819a.SMDX-MailPure: Server 
Name: DH04X-MailPure: SMTP Sender: [EMAIL PROTECTED]X-MailPure: 
Received From: customer-webserver.example.com [###.###.###.###]X-MailPure: 
Country Chain: UNITED STATES-destinationX-MailPure: 
X-MailPure: 
Spam and virus blocking services provided by MailPure.comX-MailPure: 
X-MailPure: 
X-MailPure: 
FORGEDFROM: Message failed FORGEDFROM test (weight 2).X-MailPure: 
X-MailPure: 
Spam Score: 2X-MailPure: Scan Time: 14 Apr 2005 at 01:34:15 
-0400X-MailPure: Spool File: D0039545f00e0819a.SMDX-MailPure: Server 
Name: DH04X-MailPure: SMTP Sender: [EMAIL PROTECTED]X-MailPure: 
Received From: customer-webserver.example.com [###.###.###.###]X-MailPure: 
Country Chain: UNITED STATES-destinationX-MailPure: 
X-MailPure: 
Spam and virus blocking services provided by MailPure.comX-MailPure: 
X-MailPure: 
X-MailPure: 
FORGED

RE: [Declude.JunkMail] Problem loading filter

[Keith Johnson]

I believe all is needed here is to add a @ symbol in from of your domain
in your .txt file

Thus,

@phobraun.com per Jessica's request

-Keith

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
[EMAIL PROTECTED]
Sent: Friday, April 15, 2005 11:12 AM
To: Declude.JunkMail@declude.com
Subject: [Declude.JunkMail] Problem loading filter

Pro version of declude, and been awhile since I've made a filter, so
maybe I am over looking something silly.

global cfg file:

stepDOMblockfromfile
C:\IMail\Declude\Filters\stepDOMblock.txt x   5   0

In C:\IMail\Declude\Filters\ is a txt file named stepDOMblock.txt with
the following line:

phobraun.com per Jessica's request

In that domains declude folder, is jessicah.junkmail with

stepDOMblockDELETE

Declude logs provide the following error:

fromfile: Could not load C:\IMail\Declude\Filters\stepDOMblock.txt
[123].

What am I missing here?



--
[This E-mail scanned for viruses by Declude Virus]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type
unsubscribe Declude.JunkMail.  The archives can be found at
http://www.mail-archive.com.

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.JunkMail.  The archives can be found
at http://www.mail-archive.com.

RE: [Declude.JunkMail] Problem loading filter

[Keith Johnson]

I have burned by not having deselected Hide file extensions for known
file types, thus my example.txt file was really example.txt.txt  Could
this be the case?

Keith

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
[EMAIL PROTECTED]
Sent: Friday, April 15, 2005 1:05 PM
To: Declude.JunkMail@declude.com
Subject: RE: [Declude.JunkMail] Problem loading filter

the path is correct, the file name is correct, tried rebooting, still
same error.  Even went as far as renaming the test and the file and the
adjusting the path accordingly.. same results.

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Kevin Bilbee
Sent: Friday, April 15, 2005 11:23 AM
To: Declude.JunkMail@declude.com
Subject: RE: [Declude.JunkMail] Problem loading filter


I would double\tripple check to see if the path is correct to the filter
file???


Kevin Bilbee

 -Original Message-
 From: [EMAIL PROTECTED]
 [mailto:[EMAIL PROTECTED] Behalf Of 
 [EMAIL PROTECTED]
 Sent: Friday, April 15, 2005 8:48 AM
 To: Declude.JunkMail@declude.com
 Subject: RE: [Declude.JunkMail] Problem loading filter


 should there be a CR?  Currently there is.

 Nothing else has the filter file open.

 I purposely did not add @ to the beginning of the domain because I 
 don't want any mail from any current or future mail servers of theirs.

 As it is now, I will delete anything coming from anything related to
phobraun.com.

 -Original Message-
 From: [EMAIL PROTECTED]
 [mailto:[EMAIL PROTECTED] Behalf Of Darin Cox
 Sent: Friday, April 15, 2005 10:37 AM
 To: Declude.JunkMail@declude.com
 Subject: Re: [Declude.JunkMail] Problem loading filter


 Is there a carriage return after the line in the stepDOMblock.txt
file?

 Any chance something else has the file open and locked?

 Darin.


 - Original Message -
 From: [EMAIL PROTECTED]
 To: Declude.JunkMail@declude.com
 Sent: Friday, April 15, 2005 11:11 AM
 Subject: [Declude.JunkMail] Problem loading filter


 Pro version of declude, and been awhile since I've made a filter, so 
 maybe I am over looking something silly.

 global cfg file:

 stepDOMblock fromfile C:\IMail\Declude\Filters\stepDOMblock.txt x 5 
 0

 In C:\IMail\Declude\Filters\ is a txt file named stepDOMblock.txt with

 the following line:

 phobraun.com per Jessica's request

 In that domains declude folder, is jessicah.junkmail with

 stepDOMblock DELETE

 Declude logs provide the following error:

 fromfile: Could not load
 C:\IMail\Declude\Filters\stepDOMblock.txt [123].

 What am I missing here?



 --
 [This E-mail scanned for viruses by Declude Virus]

 ---
 This E-mail came from the Declude.JunkMail mailing list.  To 
 unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type 
 unsubscribe Declude.JunkMail.  The archives can be found at 
 http://www.mail-archive.com.

 ---
 This E-mail came from the Declude.JunkMail mailing list.  To 
 unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type 
 unsubscribe Declude.JunkMail.  The archives can be found at 
 http://www.mail-archive.com.
 --
 [This E-mail scanned for viruses by Declude Virus]



 --
 [This E-mail scanned for viruses by Declude Virus]

 ---
 This E-mail came from the Declude.JunkMail mailing list.  To 
 unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type 
 unsubscribe Declude.JunkMail.  The archives can be found at 
 http://www.mail-archive.com.


---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type
unsubscribe Declude.JunkMail.  The archives can be found at
http://www.mail-archive.com.
--
[This E-mail scanned for viruses by Declude Virus]



--
[This E-mail scanned for viruses by Declude Virus]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type
unsubscribe Declude.JunkMail.  The archives can be found at
http://www.mail-archive.com.

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.JunkMail.  The archives can be found
at http://www.mail-archive.com.

RE: Re[2]: [Declude.JunkMail] Huge reduction in hold queue

[Keith Johnson]

Heinrich,
How are you determining your detection rates?  Are you using a
combination of certain tests or overall test percentages?  Thanks for
the time.

Keith

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Heinrich
Richter
Sent: Friday, April 01, 2005 10:57 AM
To: Declude.JunkMail@declude.com
Subject: Re: Re[2]: [Declude.JunkMail] Huge reduction in hold queue

Hello Darin,

it seems that i got a lot of the mails you are missing ;-(

Our volume increased about 25% last month and the number of SPAM
increased about 64%.
Our spam detection rate is about 98% and the overall spamrate has
incresed from 40% to 50% last month.

Heinrich



- Original Message -
From: Darin Cox [EMAIL PROTECTED]
To: Declude.JunkMail@declude.com
Sent: Friday, April 01, 2005 4:47 PM
Subject: Re: Re[2]: [Declude.JunkMail] Huge reduction in hold queue


 Just as a followup, I have confirmed that we have had a 15%+ drop in
 incoming volume.  If that is mostly spam, then that would indicate
almost 
 a
 20% drop in spam.  If most of that is in our hold range (about 40% of
 incoming spam ends up in our hold queue), then it could account for
half 
 or
 more of the drop in held spam.

 Also, we're definitely seeing a significant increase in detection
rates 
 for
 the tests listed below, so a lot less is ending up in our hold queue,
 despite raising the delete limit.

 Anyone else seeing a similar drop in incoming spam and an increase in
 detection rates for the tests listed below?

 Darin.


 - Original Message - 
 From: Darin Cox [EMAIL PROTECTED]
 To: Declude.JunkMail@declude.com
 Sent: Thursday, March 31, 2005 10:56 AM
 Subject: Re: Re[2]: [Declude.JunkMail] Huge reduction in hold queue


 You know, I think was misleading/inaccurate in how I said it. I really

 meant
 accuracy, not detection rate.  I was thinking detection rate as the
number
 of messages detected as spam by the test that were actually spam, but
I
 should have said accuracy.  Sorry for the confusion...language is a
funny
 thing...

 These are the best tests we run, in terms of catching the most spam,
but
 they're not catching at the percentages below.  There are others that
are
 highly accurate as well, but these catch the most volume.

 My apologies again for the confusion.

 Darin.


 - Original Message - 
 From: Pete McNeil [EMAIL PROTECTED]
 To: Darin Cox Declude.JunkMail@declude.com
 Sent: Thursday, March 31, 2005 10:36 AM
 Subject: Re[2]: [Declude.JunkMail] Huge reduction in hold queue


 On Thursday, March 31, 2005, 9:50:05 AM, Darin wrote:

 DC That is very significant, and could explain what I'm seeing.  I'm 
 going
 to
 DC increase my delete weight a bit for a while to make sure there are
no
 high
 DC FPs.

 DC I do see the following detection rates from yesterday (3/30)

 DC AHBL   97.4%
 DC CBL   99.9%
 DC CSMA   97.1%
 DC CSMA-SBL   93.4%
 DC JAMMDNSBL   76.0%
 DC PSBL   96.9%
 DC SBL   99.5%
 DC SENDERDB-BL   96.4%
 DC SNIFFER   98.7%
 DC SPAMCOP   99.7%
 DC UCEPROTECT1   100%
 DC UCEPROTECT2   97.2%

 DC rates for all seem to have increased significantly over the past 
 couple
 of
 DC days.

 WOW! That's weird. I do not show that at all and I've never seen those
 tests throw those kinds of numbers (except SNF looks about right):

 http://www.sortmonster.com/MDLP/MDLP-Example-Short.html

 For example (a quick spot check) -

 Data through last noon to midnight--

 AHBL shows up at about 22% (21.8409)
 SPAMCOP shows up at about 64% (63.5114)
 UCEPROTECCMUL sows up at about 42% (41.6237)
 UCEPROTECRDO shows up at about 48% (48.0324)

 Long range data through last midnight--

 AHBL shows up at about 16% (16.111)
 SPAMCOP shows up at about 62% (62.3942)
 UCEPROTECCMUL shows up at about 42% (41.7421)
 UCEPROTECRDO shows up at about 49% (48.6102)

 All in all these indicate nominal performance.

 Most likely there is something special about the mix of spam you are
 getting, something wrong with your reporting process, or something
 else going on that we haven't thought of.

 To be thorough I also checked some of the MDLP reports from other
 systems that are beta testing it. With few exceptions they show
 numbers similar to mine w/ regard to these tests.

 If I were you I would not make any substantive changes until I tracked
 down what was going on. No need to introduce additional variables by
 changing things ;-)

 DC BTW, I sent to the Junkmail in part so others could comment on
 DC other tests that may have significantly changed.

 It's all good :-)

 _M



 ---
 This E-mail came from the Declude.JunkMail mailing list.  To
 unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
 type unsubscribe Declude.JunkMail.  The archives can be found
 at http://www.mail-archive.com.

 ---
 This E-mail came from the Declude.JunkMail mailing list.  To
 unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
 type unsubscribe Declude.JunkMail.  The archives can be found
 at 

RE: [Declude.JunkMail] user settings

[Keith Johnson]

Darrell,
I am going to have to test that.  I asked Scott that same
question about a year ago and he said it would shoot the entire email.
I will give it a go.

Keith Johnson 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Darrell
([EMAIL PROTECTED])
Sent: Wednesday, March 30, 2005 2:10 PM
To: Declude.JunkMail@declude.com
Subject: Re: [Declude.JunkMail] user settings

Goran, 

No, it will actually delete the recipient and deliver to the other
users. 

Darrell 

 

Check out http://www.invariantsystems.com for utilities for Declude And
Imail.  IMail/Declude Overflow Queue Monitoring, SURBL/URI integration,
MRTG Integration, and Log Parsers. 

 


Goran Jovanovic writes: 

 Darrell, 
 
 Wouldn't this delete the mail for everyone in the recipient list? 
 
  
  
  
  Goran Jovanovic
  The LAN Shoppe 
 
   
 
 -Original Message-
 From: [EMAIL PROTECTED] [mailto:Declude.JunkMail-
 [EMAIL PROTECTED] On Behalf Of Darrell
([EMAIL PROTECTED])
 Sent: Wednesday, March 30, 2005 1:18 PM
 To: Declude.JunkMail@declude.com
 Subject: Re: [Declude.JunkMail] user settings 
 
 Roger, 
 
 I am sure there are many ways, but this is how I do it. 
 
 I have a filter file called OLDEMPLOYEE.TXT and inside the filter
 file I
 include lines like this 
 
 ALLRECIPS 0 CONTAINS [EMAIL PROTECTED] 
 
 I assign this filter a very high weight to ensure that it gets
 deleted.
 
 Darrell 
 



 Check out http://www.invariantsystems.com for utilities for Declude
 And
 Imail.  IMail/Declude Overflow Queue Monitoring, SURBL/URI
 integration,
 MRTG
 Integration, and Log Parsers. 
 
 Schmeits, Roger writes: 
 
  I have an email address that constantly get spam. The former owner
 is no
  longer with us. Currently Imail  Declude are acting as a gateway
to
 a
  back-end Imail and Exchange server. How does one go about killing
 this
 email
  address at the gateway level?
 
 
 
  Please note that we handle a couple different domains, mainly
  clarksoncollege.edu and one for the students and alumni members.
 
 
 
  Thanks.
 
 
 
 
 
  RS
  
 
  
 



 Check out http://www.invariantsystems.com for utilities for Declude
 And
 Imail.  IMail/Declude Overflow Queue Monitoring, SURBL/URI
 integration,
 MRTG
 Integration, and Log Parsers. 
 
 
 ---
 This E-mail came from the Declude.JunkMail mailing list.  To
 unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
 type unsubscribe Declude.JunkMail.  The archives can be found
 at http://www.mail-archive.com.
 ---
 This E-mail came from the Declude.JunkMail mailing list.  To
 unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
 type unsubscribe Declude.JunkMail.  The archives can be found
 at http://www.mail-archive.com.
 

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.JunkMail.  The archives can be found
at http://www.mail-archive.com.

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.JunkMail.  The archives can be found
at http://www.mail-archive.com.

[Declude.JunkMail] OT: RFC DNS Information

[Keith Johnson]

Does the following break in RFC compliance issues with servers required to 
accept email?  Customer has proper PTR Records for IP, however, domain name is 
a private one, i.e. customer.localThanks for the aid.
 
Denied Message Reads:
 
Our mail system now 'requires' that your outgoing mail servers
identify with a valid hostname.  The only requirement is that it
exist in DNS publicly.
 
 
-Keith
 
 

RE: [Declude.JunkMail] OT: Windows 2003 Web Edition for a mail server

[Keith Johnson]

Title: Message



Andrew, 
 Not sure if this applies here, but here 
is Microsoft stance on Hyperthreading CPU's...


Microsoft says...Per Processor LicensingFor 
currently available Microsoft servers products licensed on a per processor basis 
(e.g., Microsoft SQL Server, Microsoft BizTalk Server, Microsoft Content 
Management Server, etc.), one processor license for each physical processor on 
the server is required. Therefore, customers only need to acquire one processor 
license for each physical HTT even though the software may count one HTT as two 
logical processors. See the full deal at:http://www.microsoft.com/licensing/downloads/hyper_threading.doc


Keith


From: [EMAIL PROTECTED] 
[mailto:[EMAIL PROTECTED] On Behalf Of Colbeck, 
AndrewSent: Wednesday, February 02, 2005 3:16 PMTo: 
Declude.JunkMail@declude.comSubject: RE: [Declude.JunkMail] OT: 
Windows 2003 Web Edition for a mail server

I've 
no comment to offer on the suitability of flavour of Windows 2003 for IMail, but 
I can comment on how the Hyperthreading is treated.

On all 
Windows 2003 servers with hyperthreading enabled, you will see double the number 
of physical CPUs in the Task Manager, in the Device Manager, and in 
WinMSD. This lets applications see 4 CPUs on a dual server. However 
for thread scheduling and for licencing the OS, the HAL (Hardware Abstraction 
Layer) knows which ones are the physical CPUs and which are the virtual 
CPUs.

Windows 2000 servers do not have that distinction, and Microsoft will not 
back-port the logic from W2K3 to W2K. W2K sees hyperthreading virtual CPUs 
as physical CPUs, so you would get into licencing issues if the number of CPUs 
exceeds your licence.

You 
would also get into performance issues because Microsoft simply uses the first 
CPUs it sees and ignores the ones that exceed your licence; as the order of 
discovery is physical, virtual, physical, virtual... you end up using half 
physical and half virtual CPUs, when what you wantare only the CPUs that 
are physical to fit in your licence constraint. Therefore, if you have a 
licencing problem with W2K, either upgrade to W2K3 or turn off 
hyperthreading.

Andrew 
8)

  
  -Original Message-From: 
  [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] 
  On Behalf Of MattSent: Wednesday, February 02, 2005 11:17 
  AMTo: Declude.JunkMail@declude.comSubject: 
  [Declude.JunkMail] OT: Windows 2003 Web Edition for a mail 
  serverAfter watching things run for a couple of weeks on 
  Windows 2003 Server, I have concluded that my IMail/Declude setup is running 
  +30% more efficiently than it did on Windows 2000. Because of this, I am 
  thinking of getting rid of my Windows 2000 installations and replacing them 
  with Windows 2003.I haven't noted much discussion around here 
  regarding Windows 2003 Web Edition as a suitable host for 
  IMail/Declude. From what I have read, I don't believe there are any 
  limitations that would prevent this setup from running properly, though I'm 
  not yet positive at this point. Here is a link to the matrix that 
  Microsoft has published: http://www.microsoft.com/windowsserver2003/evaluation/features/compareeditions.mspxThe 
  only thing that stands out is the limitations to 2-Way SMP whereas Standard 
  Edition supports 4-Way SMP. I'm not sure if dual hyperthreaded 
  processors are the equivalent of 2- or 4-Way SMP. Maybe someone could 
  offer up some knowledge there. Even if so, the hyperthreading can be 
  disabled, and I'm not convinced that having 4 processors/instances is 
  beneficial to the environment.I also know that MS SQL server can't be 
  run on Web Edition, but that isn't an issue here. All of the other 
  things that it says it won't support are things that I would have disabled 
  anyway.So does anyone here have any experience with Web Edition and 
  the limitations, and have an opinion about whether or not this would work with 
  an IMail/Declude setup (or for that matter another E-mail platform since IMail 
  will soon enough be 86'd).Thanks,Matt-- 
=
MailPure custom filters for Declude JunkMail Pro.
http://www.mailpure.com/software/
=

RE: [Declude.JunkMail] [OT] Exchange2Alias Question

[Keith Johnson]

Scott,
   Works great, thanks for the tip.  Ended up using a program called cpau 
that allows you to specify the password in the batch file since runas requires 
manual entry and Win 2003 scheduler couldn't validate user/pass during job 
setup.  Again, thanks.
 
Keith

-Original Message- 
From: [EMAIL PROTECTED] on behalf of Scott Fosseen 
Sent: Thu 1/27/2005 5:54 PM 
To: Declude.JunkMail@declude.com 
Cc: 
Subject: Re: [Declude.JunkMail] [OT] Exchange2Alias Question



You need to run the script with username/password of a user on the LDAP 
server.  If you uses the Windows Scheduler it will ask for a 
username/password to run the program.  Just create a local user on the 
box 
that runs the script with the same username/password as an account on 
the 
LDAP Server. 

To test the script from a command prompt you will need to run this 
command 
runas /netonly /user:domain/username cmd 
The runas program will ask for your password then open up a command 
window 
allowing you to run the script as if you are logged in as that user. 
_ 
Scott Fosseen - Systems Engineer -Prairie Lakes AEA 
http://fosseen.us/scott 
_ 
There are 10 types of people in this world, those that understand 
binary, and those that don't. 
_ 

- Original Message - 
From: Keith Johnson [EMAIL PROTECTED] 
To: Declude.JunkMail@declude.com 
Sent: Wednesday, January 26, 2005 5:32 PM 
Subject: RE: [Declude.JunkMail] [OT] Exchange2Alias Question 


Sandy, 
Thanks for your reply.  I did use the LDAP Browser from Softerra 
(great tool by the way), it reports the RootDSE correctly during setup. 
What does an error of 0x80005000 indicate?  Is this a permission error? 


When I use the Softerra utility, if I specify anonymous, then I 
do not see the Users container, however, if I specify the domain\user 
and a password, then I can get the full Users container.  Is this by 
design? 

Thanks again for the aid. 

Keith 

-Original Message- 
From: [EMAIL PROTECTED] 
[mailto:[EMAIL PROTECTED] On Behalf Of Sanford 
Whiteman 
Sent: Wednesday, January 26, 2005 12:25 PM 
To: Keith Johnson 
Subject: Re: [Declude.JunkMail] [OT] Exchange2Alias Question 

 I opened port 389 through a client firewall from our Imail Server 
 (just in testing) and attempted to query their server using the 
 exchange2alias script, however, it is returning the following error: 

 ---Export Started--- 
 C:\Documents and 
 Settings\Administrator\Desktop\exchange2aliases.vbs(41, 
 1) (nul 
 l): A referral was returned from the server. 

This  indicates  a  mismatch  between  your search base and the domain 
hosted  by that AD server. If you use LDAP Browser (www.softerra.com), 
is  that search base shown up when you query the LDAP server's RootDSE 
while setting up the new profile? 

--Sandy 


 
Sanford Whiteman, Chief Technologist 
Broadleaf Systems, a division of 
Cypress Integrated Systems, Inc. 
e-mail: [EMAIL PROTECTED] 

SpamAssassin plugs into Declude! 


http://www.mailmage.com/products/software/freeutils/SPAMC32/download/rel 
ease/ 

Defuse Dictionary Attacks: Turn Exchange or IMail mailboxes into IMail 
Aliases! 


http://www.mailmage.com/products/software/freeutils/exchange2aliases/dow 
nload/release/ 


http://www.mailmage.com/products/software/freeutils/ldap2aliases/downloa 
d/release/ 

--- 
[This E-mail was scanned for viruses by Declude Virus 
(http://www.declude.com)] 

--- 
This E-mail came from the Declude.JunkMail mailing list.  To 
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type 
unsubscribe Declude.JunkMail.  The archives can be found at 
http://www.mail-archive.com. 

--- 
[This E-mail was scanned for viruses by Declude Virus 
(http://www.declude.com)] 

--- 
This E-mail came from the Declude.JunkMail mailing list.  To 
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and 
type unsubscribe Declude.JunkMail.  The archives can be found 
at http://www.mail-archive.com. 
--- 
[This E-mail scanned for viruses by Declude Virus on the server 
aea8.k12.ia.us

RE: [Declude.JunkMail] [OT] Exchange2Alias Question

[Keith Johnson]

Scott,
  Sweet, I knew there had to be a way to get this to fire, however, I was 
going at it via an LDAP param vs a simple Windows one.  I will give it a try.  
Thanks again, will give it a try tomorrow.
 
Keith

-Original Message- 
From: [EMAIL PROTECTED] on behalf of Scott Fosseen 
Sent: Thu 1/27/2005 5:54 PM 
To: Declude.JunkMail@declude.com 
Cc: 
Subject: Re: [Declude.JunkMail] [OT] Exchange2Alias Question



You need to run the script with username/password of a user on the LDAP 
server.  If you uses the Windows Scheduler it will ask for a 
username/password to run the program.  Just create a local user on the 
box 
that runs the script with the same username/password as an account on 
the 
LDAP Server. 

To test the script from a command prompt you will need to run this 
command 
runas /netonly /user:domain/username cmd 
The runas program will ask for your password then open up a command 
window 
allowing you to run the script as if you are logged in as that user. 
_ 
Scott Fosseen - Systems Engineer -Prairie Lakes AEA 
http://fosseen.us/scott 
_ 
There are 10 types of people in this world, those that understand 
binary, and those that don't. 
_ 

- Original Message - 
From: Keith Johnson [EMAIL PROTECTED] 
To: Declude.JunkMail@declude.com 
Sent: Wednesday, January 26, 2005 5:32 PM 
Subject: RE: [Declude.JunkMail] [OT] Exchange2Alias Question 


Sandy, 
Thanks for your reply.  I did use the LDAP Browser from Softerra 
(great tool by the way), it reports the RootDSE correctly during setup. 
What does an error of 0x80005000 indicate?  Is this a permission error? 


When I use the Softerra utility, if I specify anonymous, then I 
do not see the Users container, however, if I specify the domain\user 
and a password, then I can get the full Users container.  Is this by 
design? 

Thanks again for the aid. 

Keith 

-Original Message- 
From: [EMAIL PROTECTED] 
[mailto:[EMAIL PROTECTED] On Behalf Of Sanford 
Whiteman 
Sent: Wednesday, January 26, 2005 12:25 PM 
To: Keith Johnson 
Subject: Re: [Declude.JunkMail] [OT] Exchange2Alias Question 

 I opened port 389 through a client firewall from our Imail Server 
 (just in testing) and attempted to query their server using the 
 exchange2alias script, however, it is returning the following error: 

 ---Export Started--- 
 C:\Documents and 
 Settings\Administrator\Desktop\exchange2aliases.vbs(41, 
 1) (nul 
 l): A referral was returned from the server. 

This  indicates  a  mismatch  between  your search base and the domain 
hosted  by that AD server. If you use LDAP Browser (www.softerra.com), 
is  that search base shown up when you query the LDAP server's RootDSE 
while setting up the new profile? 

--Sandy 


 
Sanford Whiteman, Chief Technologist 
Broadleaf Systems, a division of 
Cypress Integrated Systems, Inc. 
e-mail: [EMAIL PROTECTED] 

SpamAssassin plugs into Declude! 


http://www.mailmage.com/products/software/freeutils/SPAMC32/download/rel 
ease/ 

Defuse Dictionary Attacks: Turn Exchange or IMail mailboxes into IMail 
Aliases! 


http://www.mailmage.com/products/software/freeutils/exchange2aliases/dow 
nload/release/ 


http://www.mailmage.com/products/software/freeutils/ldap2aliases/downloa 
d/release/ 

--- 
[This E-mail was scanned for viruses by Declude Virus 
(http://www.declude.com)] 

--- 
This E-mail came from the Declude.JunkMail mailing list.  To 
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type 
unsubscribe Declude.JunkMail.  The archives can be found at 
http://www.mail-archive.com. 

--- 
[This E-mail was scanned for viruses by Declude Virus 
(http://www.declude.com)] 

--- 
This E-mail came from the Declude.JunkMail mailing list.  To 
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and 
type unsubscribe Declude.JunkMail.  The archives can be found 
at http://www.mail-archive.com. 
--- 
[This E-mail scanned for viruses by Declude Virus on the server 
aea8.k12.ia.us] 


--- 
[This E-mail scanned for viruses

RE: [Declude.JunkMail] [OT] Exchange2Alias Question

[Keith Johnson]

Sandy,
Thanks for your reply.  I did use the LDAP Browser from Softerra
(great tool by the way), it reports the RootDSE correctly during setup.
What does an error of 0x80005000 indicate?  Is this a permission error?


When I use the Softerra utility, if I specify anonymous, then I
do not see the Users container, however, if I specify the domain\user
and a password, then I can get the full Users container.  Is this by
design?

Thanks again for the aid.

Keith 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Sanford
Whiteman
Sent: Wednesday, January 26, 2005 12:25 PM
To: Keith Johnson
Subject: Re: [Declude.JunkMail] [OT] Exchange2Alias Question

 I opened port 389 through a client firewall from our Imail Server 
 (just in testing) and attempted to query their server using the 
 exchange2alias script, however, it is returning the following error:

 ---Export Started---
 C:\Documents and
 Settings\Administrator\Desktop\exchange2aliases.vbs(41,
 1) (nul
 l): A referral was returned from the server.

This  indicates  a  mismatch  between  your search base and the domain
hosted  by that AD server. If you use LDAP Browser (www.softerra.com),
is  that search base shown up when you query the LDAP server's RootDSE
while setting up the new profile?

--Sandy



Sanford Whiteman, Chief Technologist
Broadleaf Systems, a division of
Cypress Integrated Systems, Inc.
e-mail: [EMAIL PROTECTED]

SpamAssassin plugs into Declude!
 
http://www.mailmage.com/products/software/freeutils/SPAMC32/download/rel
ease/

Defuse Dictionary Attacks: Turn Exchange or IMail mailboxes into IMail
Aliases!
 
http://www.mailmage.com/products/software/freeutils/exchange2aliases/dow
nload/release/
 
http://www.mailmage.com/products/software/freeutils/ldap2aliases/downloa
d/release/

---
[This E-mail was scanned for viruses by Declude Virus
(http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type
unsubscribe Declude.JunkMail.  The archives can be found at
http://www.mail-archive.com.

---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.JunkMail.  The archives can be found
at http://www.mail-archive.com.

[Declude.JunkMail] [OT] Exchange2Alias Question

[Keith Johnson]

I opened port 389 through a client firewall from our Imail Server (just
in testing) and attempted to query their server using the exchange2alias
script, however, it is returning the following error:

---Export Started---
C:\Documents and Settings\Administrator\Desktop\exchange2aliases.vbs(41,
1) (nul
l): A referral was returned from the server.

I did a netstat -an on their Exchange and see that I am connecting
through to their server from my ip.  The following is a sample of my
string (company removed, with example in its place)

C:\Documents and Settings\Administrator\Desktopcscript
exchange2aliases.vbs example.com
LDAP://out.side.ip.address/cn=Users,dc=example,dc=com example.com
exch2alias.example.local

Where 1st example.com is virtual domain in Imail
Where dc=example,dc=com is actually FQDN for SMTP
Where next example.com is main Exchange address
Where exch2alias.example.local is additional Rec. Policy added (all
users have as 2nd or 3rd address)

Thanks for the aid.



---
Keith Johnson

---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.JunkMail.  The archives can be found
at http://www.mail-archive.com.

RE: [Declude.JunkMail] [OT] Exchange2Aliases - Nested OU's

[Keith Johnson]

Sandy,
Along those lines, what is the proper way of going about ldap'ing 2 or 
more OU's in order to get all the email addresses.  What I have been doing is 
calling the script 3 times (different scripts and params) and using the flag 
that removes all entries on the first pass only.  However, I didn't know if 
there is a way to get them all in one line.  Thanks again, this has saved a lot 
of CPU cycles as well as outbound connections.
 
Keith

-Original Message- 
From: [EMAIL PROTECTED] on behalf of Sanford Whiteman 
Sent: Tue 1/4/2005 2:29 AM 
To: Scott Fosseen 
Cc: 
Subject: Re: [Declude.JunkMail] [OT] Exchange2Aliases - Nested OU's



 If  I  enter 'ou=Tech Department,...' I get the message Object not
 found. . .

As  spaces  are  totally legit in LDAP without any escaping (except at
the beginning or end of URIs--but who's going to do that on purpose?),
the  most  correct  reference  in  LDAP  terms  is  to leave out all
single/double quotes and just stick with the plain string:

OU=Tech Department,OU=Admin Building,DC=example,DC=com

However,  there's  an  outstanding  bug in exchange2aliases itself: it
doesn't  parse  arguments  with  embedded  spaces.  Force-escaping the
spaces themselves should help, though:

OU=Tech\20Department,OU=Admin\20Building,DC=example,DC=com

Note  to anyone else who's listening: this will also solve the problem
of  grabbing  mail-enabled public folders from the space-ridden system
area:

CN=Microsoft\20Exchange\20System\20Objects,DC=example,DC=com

--Sandy



Sanford Whiteman, Chief Technologist
Broadleaf Systems, a division of
Cypress Integrated Systems, Inc.
e-mail: [EMAIL PROTECTED]

SpamAssassin plugs into Declude!
  
http://www.mailmage.com/products/software/freeutils/SPAMC32/download/release/

Defuse Dictionary Attacks: Turn Exchange or IMail mailboxes into IMail 
Aliases!
  
http://www.mailmage.com/products/software/freeutils/exchange2aliases/download/release/
  
http://www.mailmage.com/products/software/freeutils/ldap2aliases/download/release/

---
[This E-mail was scanned for viruses by Declude Virus 
(http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.JunkMail.  The archives can be found
at http://www.mail-archive.com.


winmail.dat

RE: [Declude.JunkMail] [OT] exchange2aliases for dummies

[Keith Johnson]

We have a few customers with multiple OU's that contain employees (i.e.
by Departments).  Is there a way to include all the OU's on a single
LDAP:// parameter line or do I need to just run it several times for
each OU and not use the -nc flag except on the very first run.  Thanks
again,

Keith
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.JunkMail.  The archives can be found
at http://www.mail-archive.com.

RE: [Declude.JunkMail] [OT] exchange2aliases for dummies

[Keith Johnson]

Andrew,
  Is the only lines you altered in Sandy's script were:
 
cscript exchange2aliases.vbs storeforward.mydomain.com
LDAP://10.192.0.1/cn=users,dc=bentall,dc=local mydomain.com mydomain.com
 
Going for a test ride tomorrow.

Thanks for the aid,

Keith


-Original Message- 
From: [EMAIL PROTECTED] on behalf of Colbeck, Andrew 
Sent: Sat 11/13/2004 11:04 PM 
To: '[EMAIL PROTECTED]' 
Cc: 
Subject: [Declude.JunkMail] [OT] exchange2aliases for dummies



Sandy, I'm having problems in getting this working on a test machine.  
I'm
missing some obvious step...

Recap:

My production environment is such that I run IMail+Declude as my 
gateway, in
front of an Exchange 2000 environment, so I'm a good candidate for using
your exchange2aliases script.  We gateway a half dozen domains through 
the
IMail gateway, and some of those have a relatively small userbase, so 
I'll
start with testing one of those.

In the production environment, the SMTP addresses for a user are
[EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED] etc. and not in 
the
Active Directory, i.e. not something like [EMAIL PROTECTED]

I installed a fresh copy of IMail v8.12 on the test machine.

For the Official Host Name I chose the same as my production box,
mail.bentall.com and it is listening on the local, non-routeable IP, 
which
is the only IP on the test machine.

I then added a host, gave it an Official Host Name of
storeforward.mydomain.com and a Host Alias of mydomain.com and 
set it
as a virtual host so that I wouldn't have to give it a unique IP.

Then I added an entry to the test machine's hosts. file so that it 
knew
that 192.168.116.100 is the IP for the internal Exchange 2000 that is 
our
current gateway, e.g. 192.168.116.100 mydomain.com

Then I set the log format to SYDMMDD.txt and turn on the Debug and 
Verbose
options.

Then I ran exchange2alias like so:

cscript exchange2aliases.vbs storeforward.mydomain.com
LDAP://10.192.0.1/cn=users,dc=bentall,dc=local mydomain.com mydomain.com

I could then view all the lovely aliases in IMail.

I then used a command line utility, postie, to send a simple message to 
that
test IMail server, with a bogus to: address:

postie -host:192.168.116.25 -to:[EMAIL PROTECTED]
-from:[EMAIL PROTECTED] -s:This is the subject -msg:This is the 
body.
-v:9

The message is refused.  Joy!

I then used a command line utility, postie, to send a simple message to 
that
test IMail server, with a valid to: address:

postie -host:192.168.116.25 -to:[EMAIL PROTECTED]
-from:[EMAIL PROTECTED] -s:This is the subject -msg:This is the 
body.
-v:9

The message is accepted (joy!), and the IMail log shows that it is 
queued,
but also this:

11:13 19:24 SMTP-() Info - Adding Queue file
C:\IMail\spool\Qcff500b70dc64580.SMD
11:13 19:24 SMTP-(cff500b70dc64580) processing
C:\IMail\spool\Qcff500b70dc64580.SMD
11:13 19:24 SMTP-(cff500b70dc64580) ERR alias loop in [EMAIL PROTECTED]
11:13 19:24 SMTP-(cff500b70dc64580) finished
C:\IMail\spool\Qcff500b70dc64580.SMD status=1

that there is an alias loop (boo!) and the message evaporates from the 
spool
folder.

I've spent a *lot* of time on this now with a multitude of 
combinations, and
it's just not working.  I've tried a real host IP, I've tried adding the
host alias to the primary OHN that I had created for our default 
domain,
and ...

What am I missing!?

Andrew 8)



---
[This E-mail was scanned for viruses by Declude Virus 
(http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.JunkMail.  The archives can be found
at http://www.mail-archive.com.


winmail.dat

RE: [Declude.JunkMail] LOG Levels

[Keith Johnson]

Mark,
I would grab V-Fileviewer, it opens large files in chunks, much
faster.  Opens 500MB files in seconds.

http://www.fileviewer.com 

Keith

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Mark E. Smith
Sent: Thursday, November 04, 2004 3:56 PM
To: [EMAIL PROTECTED]
Subject: RE: [Declude.JunkMail] LOG Levels

We have 4 inbound equal MX servers each with 250-350 per day so we're
about the same in net-net load.
I started writing a log parsing program that will consolidate the logs
and insert them into a central SQL database.
That way I'll be able to do a query on a message and debug much easier.

The problem right now is loading a 350mb (let alone 1.6GB) file with
notepad. :)


 -Original Message-
 From: [EMAIL PROTECTED]
 [mailto:[EMAIL PROTECTED] On Behalf Of Glenn \ WCNet
 Sent: Thursday, November 04, 2004 3:24 PM
 To: [EMAIL PROTECTED]
 Subject: Re: [Declude.JunkMail] LOG Levels

 My Declude logs at HIGH range between 1.2 and 1.6 GIGABYTES.
 The log for
 11/3 is 1,701,795 KB.


 - Original Message -
 From: Mark E. Smith [EMAIL PROTECTED]
 To: [EMAIL PROTECTED]
 Sent: Thursday, November 04, 2004 9:03 AM
 Subject: [Declude.JunkMail] LOG Levels


  I've always used LOGLEVEL HIGH on my systems but I'm
 reconsidering that
  these days since our logs are running 250mb - 350mb.
 
  I use a number of log reports (DLAnalyizer, etc)
 
  If I switch to LOGLEVEL MID will I lose anything in my log reporting
 utils?
 
 
  ---
  [This E-mail was scanned for viruses by Declude Virus
 (http://www.declude.com)]
 
  ---
  This E-mail came from the Declude.JunkMail mailing list.  To 
  unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type 
  unsubscribe Declude.JunkMail.  The archives can be found at 
  http://www.mail-archive.com.
 

 ---
 [This E-mail was scanned for viruses by Declude Virus 
 (http://www.declude.com)]

 ---
 This E-mail came from the Declude.JunkMail mailing list.  To 
 unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type 
 unsubscribe Declude.JunkMail.  The archives can be found at 
 http://www.mail-archive.com.



---
[This E-mail was scanned for viruses by Declude Virus
(http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type
unsubscribe Declude.JunkMail.  The archives can be found at
http://www.mail-archive.com.


---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.JunkMail.  The archives can be found
at http://www.mail-archive.com.

RE: [Declude.JunkMail] Question about Filters

[Keith Johnson]

Scott,
  Is there any size limitation (# of entries per file) imposed on
fromfiles or the number or fromfiles you can have listed in the
Global.cfg?

Thanks,

Keith 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of R. Scott Perry
Sent: Tuesday, November 02, 2004 1:43 PM
To: [EMAIL PROTECTED]
Subject: Re: [Declude.JunkMail] Question about Filters


After reviewing my Debug log, I found that the FromFiles are run first.
Obviously, most email is spoofed and therefore will not show up, 
however, does Declude actually check fromfile for the mailfrom line or 
what it shows up as the X-Declude-Sender line?

Both.  The X-Declude-Sender: header displays the return address (MAIL
FROM from the SMTP envelope), which is the same one that the fromfile

test type (and anything else in Declude JunkMail) looks at.

If it is indeed the X-Declude-Sender, it seems it would be benefical to

move the domains from our filter files into fromfiles thus allowing for

a reduction on CPU processing since they are run first (while using 
SKIPIFWEIGHT lines in filters).

That sounds like it would work fine.

-Scott
---
Declude JunkMail: The advanced anti-spam solution for IMail mailservers
since 2000.
Declude Virus: Ultra reliable virus detection and the leader in
mailserver vulnerability detection.
Find out what you've been missing: Ask for a free 30-day evaluation.



This outgoing message is guaranteed to be authentic by Message Level
users.
Guarantee the authenticity of your email @ http://www.messagelevel.com.
---
[This E-mail was scanned for viruses by Declude Virus
(http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type
unsubscribe Declude.JunkMail.  The archives can be found at
http://www.mail-archive.com.


---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.JunkMail.  The archives can be found
at http://www.mail-archive.com.

RE: [Declude.JunkMail] Question about Filters

[Keith Johnson]

Can you use the SKIPIFWEIGHT and MAXWEIGHT in the fromfiles? 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Keith Johnson
Sent: Wednesday, November 03, 2004 2:38 PM
To: [EMAIL PROTECTED]
Subject: RE: [Declude.JunkMail] Question about Filters

Scott,
  Is there any size limitation (# of entries per file) imposed on
fromfiles or the number or fromfiles you can have listed in the
Global.cfg?

Thanks,

Keith 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of R. Scott Perry
Sent: Tuesday, November 02, 2004 1:43 PM
To: [EMAIL PROTECTED]
Subject: Re: [Declude.JunkMail] Question about Filters


After reviewing my Debug log, I found that the FromFiles are run first.
Obviously, most email is spoofed and therefore will not show up, 
however, does Declude actually check fromfile for the mailfrom line or 
what it shows up as the X-Declude-Sender line?

Both.  The X-Declude-Sender: header displays the return address (MAIL
FROM from the SMTP envelope), which is the same one that the fromfile

test type (and anything else in Declude JunkMail) looks at.

If it is indeed the X-Declude-Sender, it seems it would be benefical to

move the domains from our filter files into fromfiles thus allowing for

a reduction on CPU processing since they are run first (while using 
SKIPIFWEIGHT lines in filters).

That sounds like it would work fine.

-Scott
---
Declude JunkMail: The advanced anti-spam solution for IMail mailservers
since 2000.
Declude Virus: Ultra reliable virus detection and the leader in
mailserver vulnerability detection.
Find out what you've been missing: Ask for a free 30-day evaluation.



This outgoing message is guaranteed to be authentic by Message Level
users.
Guarantee the authenticity of your email @ http://www.messagelevel.com.
---
[This E-mail was scanned for viruses by Declude Virus
(http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type
unsubscribe Declude.JunkMail.  The archives can be found at
http://www.mail-archive.com.


---
[This E-mail was scanned for viruses by Declude Virus
(http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type
unsubscribe Declude.JunkMail.  The archives can be found at
http://www.mail-archive.com.


---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.JunkMail.  The archives can be found
at http://www.mail-archive.com.

[Declude.JunkMail] subjectchars

[Keith Johnson]

Anyone have an issue using gmail.com email that is fails the
subjectchars test if you place more than one word in the subject line?  

Line reads:

LONGSUBJsubjectchars60  *   0   0

Subject Line used: Test Me

Keith
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.JunkMail.  The archives can be found
at http://www.mail-archive.com.

[Declude.JunkMail] Question about Filters

[Keith Johnson]

After reviewing my Debug log, I found that the FromFiles are run first.
Obviously, most email is spoofed and therefore will not show up,
however, does Declude actually check fromfile for the mailfrom line or
what it shows up as the X-Declude-Sender line?  If it is indeed the
X-Declude-Sender, it seems it would be benefical to move the domains
from our filter files into fromfiles thus allowing for a reduction on
CPU processing since they are run first (while using SKIPIFWEIGHT lines
in filters).  Thanks for the aid.



---
Keith Johnson
Senior Network Engineer
Network Advocates, Inc.
9001 Shelbyville Road
Burhans Hall, Suite 260
Louisville, KY 40228
TEL: 502.992.5928
FAX: 502.412.1058
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.JunkMail.  The archives can be found
at http://www.mail-archive.com.

[Declude.JunkMail] Hijack Question

[Keith Johnson]

Does Hijack work with WHITELIST AUTH that Junkmail sees in allowing
email to passthru?  For example, one of our customers AUTH to our server
via their account, it will then not be scanned by Junkmail nor Hijack?
Thanks for the time.



---
Keith Johnson
Senior Network Engineer
Network Advocates, Inc.
9001 Shelbyville Road
Burhans Hall, Suite 260
Louisville, KY 40228
TEL: 502.992.5928
FAX: 502.412.1058
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.JunkMail.  The archives can be found
at http://www.mail-archive.com.

RE: [Declude.JunkMail] Hijack Question

[Keith Johnson]

Also,
I see where Hijack requires Deccon.exe.  We run Win2000 SP4 and
terminal service into the server for remote admin.  Does deccon.exe only
run on the console session?  I read that when the threshhold2 value is
reached, deccon is opened and once it is closed the flag will be reset?
However, using term services on Win2000 SP4 does not allow connection to
the console.  Thanks for the aid.

Keith 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Keith Johnson
Sent: Monday, October 25, 2004 2:51 PM
To: [EMAIL PROTECTED]
Subject: [Declude.JunkMail] Hijack Question

Does Hijack work with WHITELIST AUTH that Junkmail sees in allowing
email to passthru?  For example, one of our customers AUTH to our server
via their account, it will then not be scanned by Junkmail nor Hijack?
Thanks for the time.



---
Keith Johnson
Senior Network Engineer
Network Advocates, Inc.
9001 Shelbyville Road
Burhans Hall, Suite 260
Louisville, KY 40228
TEL: 502.992.5928
FAX: 502.412.1058
---
[This E-mail was scanned for viruses by Declude Virus
(http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type
unsubscribe Declude.JunkMail.  The archives can be found at
http://www.mail-archive.com.


---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.JunkMail.  The archives can be found
at http://www.mail-archive.com.

RE: [Declude.JunkMail] Hijack Question

[Keith Johnson]

 Scott, 
(I apologize for the questions, just learning product, since no
trial)  With the below said, there is really no reason to login and
close the deccon.exe via the Desktop unless there is an issue with it or
something needs to be hard reset?  Some of our customers have had DHA's
lately and wanting to head this off, and Hijack seems like a good fit.
What are most using as their Threshhold weights in an ISP type arena?
Thanks again,

Keith


Close.  The window is opened as soon as an E-mail arrives.  If you
close the window, the flags will be reset, and the 
window will be opened when the next E-mail arrive.
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.JunkMail.  The archives can be found
at http://www.mail-archive.com.

[Declude.JunkMail] Skipifweight question

[Keith Johnson]

Since the fromfiles are loaded first and weight assigned after it gets a
hit, even before RBL's, can I use the skipifweight or STOPATFIRSTHIT
option in the fromfiles?  Thanks for the aid.

Keith  
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.JunkMail.  The archives can be found
at http://www.mail-archive.com.

RE: Re[2]: [Declude.JunkMail] Filter file maintenance suggestion

[Keith Johnson]

Sanford,
   What type of CPU overhead do you experience with running SA/SPAMD with Declude? 
 I saw the tech doc and it mentioned that it takes up 20MB of memory for each config 
file load in serial.  Are you aware of anyone running this on machines pulling over 
200K emails each day?
 
Thanks for the aid.  
 
Keith  

-Original Message- 
From: [EMAIL PROTECTED] on behalf of Sanford Whiteman 
Sent: Wed 10/6/2004 6:52 PM 
To: Bill Landry 
Cc: 
Subject: Re[2]: [Declude.JunkMail] Filter file maintenance suggestion



 In  the mean time, you can always setup a Linux mail gateway and use
 SpamAssassin, or use the Win32 version of SpamAssassin with DJM (see
 Sandy Whiteman's e-mail signature).

Or  both!  You  can  run  the  SPAMD  daemon on any platform, but have
SPAMC32  query  it from Declude Junkmail. Running SPAMD elsewhere will
eliminate all the local RegEx resource utilization, and having SPAMC32
run  within  Declude should save you local resources vs. searching for
SpamAssassin  header tags on every Declude pass. SPAMC32 also lets you
assign  different  weights  to  different  SPAMD  rulesets  (different
daemons) and more.

[  Don't  worry,  I'll  cool  off the cheerleading the moment a lot of
SPAMC32 support posts come in. :) ]

--Sandy



Sanford Whiteman, Chief Technologist
Broadleaf Systems, a division of
Cypress Integrated Systems, Inc.
e-mail: [EMAIL PROTECTED]

SpamAssassin plugs into Declude!
  http://www.mailmage.com/products/software/freeutils/SPAMC32/download/release/

Defuse Dictionary Attacks: Turn Exchange or IMail mailboxes into IMail Aliases!
  
http://www.mailmage.com/products/software/freeutils/exchange2aliases/download/release/
  
http://www.mailmage.com/products/software/freeutils/ldap2aliases/download/release/

---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.JunkMail.  The archives can be found
at http://www.mail-archive.com.


winmail.dat

RE: [Declude.JunkMail] E-Mail to download v1.8

[Keith Johnson]

Jeff,
I was able to get it via my account login at www.declude.com.  
 
Keith

-Original Message- 
From: [EMAIL PROTECTED] on behalf of Jeff Maze 
Sent: Tue 9/28/2004 10:33 AM 
To: [EMAIL PROTECTED] 
Cc: 
Subject: [Declude.JunkMail] E-Mail to download v1.8



Hello,
Just wanted to know if there's a place to download the latest .cfg
files to handle the v1.8 additions.  Or even an updated declude manual?

Thanks..


---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.JunkMail.  The archives can be found
at http://www.mail-archive.com.


winmail.dat

[Declude.JunkMail] domainwhitelists flag

[Keith Johnson]

Does the DOMAINWHITELISTS flag override the WHITELISTFILE entry that you can list in 
the per domain config file and is it required?  Does it require the whitelist file to 
be named whitelist.txt?  We have been running 1.79 for awhile, but noticed it in the 
Release notes, but been using WHITELISTFILE for a long time.  Thanks for the aid.
 
Per Release Notes:
DOMAINWHITELISTS ON option, to allow for per-domain whitelist files at 
\IMail\Declude\example.com\whitelist.txt.
 
Keith
winmail.dat

RE: [Declude.JunkMail] Whitelister / Blacklister

[Keith Johnson]

Would love to have a look at it.  Thanks for the offer.
 
Keith

-Original Message- 
From: [EMAIL PROTECTED] on behalf of Matt Goodhue 
Sent: Mon 9/20/2004 8:17 PM 
To: [EMAIL PROTECTED] 
Cc: 
Subject: RE: [Declude.JunkMail] Whitelister / Blacklister



I would be very interested in these programs.  Right now we do all this 
manually, it would be cool to have an automatic way.   Can they run on a per domain 
setup, or just configured for a single domain?

 

Thanks.
Matt

 

 


  _  


From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Timothy L. 
Chandler
Sent: Monday, September 20, 2004 8:16 PM
To: [EMAIL PROTECTED]
Subject: [Declude.JunkMail] Whitelister / Blacklister

 

Hi everyone,

 

I wrote a program we have been using at my company successfully for a while 
now.  They are two visual basic executables  a whitelister and a blacklister.  To 
add a new whitelisted user to a whitelist file, one must simply set up a program alias 
and send an e-mail with an e-mail from the user attached, or the header info from the 
e-mail.  I use Outlook and I simply send the e-mails as attachments to a new e-mail. 
The program parses the e-mail, skips the first from user name (yours obviously), and 
then processes all attachments for more from e-mail addresses, up to 25.  For 
blacklisting, it parses the senders ip and adds to a blacklist.  It is very 
convenient.  Anybody interested in these programs?  I could have Scott post them to 
the free web tools if anyone wants them

 

Tim

winmail.dat

[Declude.JunkMail] File Lock Issue

[Keith Johnson]

I am running Imail 8.13 with Declude 1.79i16 on Win2003 Server and any inbound email 
to our server receives the following message.  If I email locally, I get good clean 
ldelivers.  I checked my AV Scanners and they are not monitoring the server at all, 
have them disabled.  Any suggestions would be great.
 
 
Declude Junkmail Log Reports:
 
Q4cb2000b01aeb4b0 WARNING: Could not unlock C:\IMail\spool\_4cb2000b01aeb4b0.~MD; it 
has been deleted.
 
Imail SMTP Log Reports:
 
(4cb70d00e10a) [E] lock file exists for C:\IMail\spool\Q4cb2000b01aeb4b0.SMD
 
Keith

RE: [Declude.JunkMail] File Lock Issue

[Keith Johnson]

I apologize, to clarify the good clean ldelivers were shown while using Web 
Messaging, not SMTP. 
 
Thanks again for the aid.
 
Keith

-Original Message- 
From: [EMAIL PROTECTED] on behalf of Keith Johnson 
Sent: Sat 9/18/2004 11:00 AM 
To: [EMAIL PROTECTED] 
Cc: 
Subject: [Declude.JunkMail] File Lock Issue



I am running Imail 8.13 with Declude 1.79i16 on Win2003 Server and any inbound 
email to our server receives the following message.  If I email locally, I get good 
clean ldelivers.  I checked my AV Scanners and they are not monitoring the server at 
all, have them disabled.  Any suggestions would be great.


Declude Junkmail Log Reports:

Q4cb2000b01aeb4b0 WARNING: Could not unlock 
C:\IMail\spool\_4cb2000b01aeb4b0.~MD; it has been deleted.

Imail SMTP Log Reports:

(4cb70d00e10a) [E] lock file exists for 
C:\IMail\spool\Q4cb2000b01aeb4b0.SMD

Keith
NyuujjrxNrzujryjmrxjqy 

winmail.dat

RE: [Declude.JunkMail] File Lock Issue

[Keith Johnson]

I turned on Debug, this is what the Junkmail and Virus Log indicate:
 
Junkmail:
 
09/18/2004 11:28:28.171 Q541a00110178b4b6 C:\IMail\spool\Q541a00110178b4b6.SMD
09/18/2004 11:28:28.171 Q541a00110178b4b6 Unlocked 
C:\IMail\spool\Q541a00110178b4b6.SMD.
09/18/2004 11:28:28 Q541a00110178b4b6 WARNING: Could not unlock 
C:\IMail\spool\_541a00110178b4b6.~MD; it has been deleted.
09/18/2004 11:28:28.171 Q541a00110178b4b6 Passing to SMTP3: C:\IMail\smtp32.exe 
C:\IMail\spool\Q541a00110178b4b6.SMD.
 
Virus:
 
09/18/2004 11:28:26.828 Q541a00110178b4b6 Deleted 
C:\IMail\spool\D541a00110178b4b6.vir\0.
09/18/2004 11:28:26.828 Q541a00110178b4b6 report.txt
09/18/2004 11:28:26.828 Q541a00110178b4b6 Deleted 
C:\IMail\spool\D541a00110178b4b6.vir\report.txt.
09/18/2004 11:28:26.828 Q541a00110178b4b6 han=14a588 b=False
09/18/2004 11:28:26.828 Q541a00110178b4b6 Scanned: OK
09/18/2004 11:28:26.828 Q541a00110178b4b6 High code=0.
09/18/2004 11:28:26.828 Q541a00110178b4b6 AV returned 0
09/18/2004 11:28:28.171 Q541a00110178b4b6 About to pass off E-mail; daisychain set to 
smtp32.exe.
09/18/2004 11:28:28.171 Q541a00110178b4b6 Passing to SMTP3: C:\IMail\smtp32.exe 
C:\IMail\spool\Q541a00110178b4b6.SMD.

Thanks, Keith
 

-Original Message- 
From: Keith Johnson on behalf of Keith Johnson 
Sent: Sat 9/18/2004 11:20 AM 
To: [EMAIL PROTECTED] 
Cc: 
Subject: RE: [Declude.JunkMail] File Lock Issue


I apologize, to clarify the good clean ldelivers were shown while using Web 
Messaging, not SMTP. 
 
Thanks again for the aid.
 
Keith

-Original Message- 
From: [EMAIL PROTECTED] on behalf of Keith Johnson 
Sent: Sat 9/18/2004 11:00 AM 
To: [EMAIL PROTECTED] 
Cc: 
Subject: [Declude.JunkMail] File Lock Issue



I am running Imail 8.13 with Declude 1.79i16 on Win2003 Server and any 
inbound email to our server receives the following message.  If I email locally, I get 
good clean ldelivers.  I checked my AV Scanners and they are not monitoring the server 
at all, have them disabled.  Any suggestions would be great.


Declude Junkmail Log Reports:

Q4cb2000b01aeb4b0 WARNING: Could not unlock 
C:\IMail\spool\_4cb2000b01aeb4b0.~MD; it has been deleted.

Imail SMTP Log Reports:

(4cb70d00e10a) [E] lock file exists for 
C:\IMail\spool\Q4cb2000b01aeb4b0.SMD

Keith
NyuujjrxNrzujryjmrxjqy 

winmail.dat

RE: [Declude.JunkMail] File Lock Issue

[Keith Johnson]

John,
   The retry timer is the default for Imail (every 30 min.).  This is for every 
single SMTP message accepted by the server.  Thanks for the aid.
 
Keith

-Original Message- 
From: [EMAIL PROTECTED] on behalf of John Tolmachoff (Lists) 
Sent: Sat 9/18/2004 11:59 AM 
To: [EMAIL PROTECTED] 
Cc: 
Subject: RE: [Declude.JunkMail] File Lock Issue



What is the retry timer set for in Queue Manager?

 

Is this happening on all messages?

 

 

John Tolmachoff

Engineer/Consultant/Owner

eServices For You

 

-Original Message-
From: Keith Johnson [mailto:[EMAIL PROTECTED] On Behalf Of Keith Johnson
Sent: Saturday, September 18, 2004 8:31 AM
To: [EMAIL PROTECTED]
Subject: RE: [Declude.JunkMail] File Lock Issue

 

I turned on Debug, this is what the Junkmail and Virus Log indicate:

 

Junkmail:

 

09/18/2004 11:28:28.171 Q541a00110178b4b6 C:\IMail\spool\Q541a00110178b4b6.SMD
09/18/2004 11:28:28.171 Q541a00110178b4b6 Unlocked 
C:\IMail\spool\Q541a00110178b4b6.SMD.
09/18/2004 11:28:28 Q541a00110178b4b6 WARNING: Could not unlock 
C:\IMail\spool\_541a00110178b4b6.~MD; it has been deleted.
09/18/2004 11:28:28.171 Q541a00110178b4b6 Passing to SMTP3: 
C:\IMail\smtp32.exe C:\IMail\spool\Q541a00110178b4b6.SMD.

 

Virus:

 

09/18/2004 11:28:26.828 Q541a00110178b4b6 Deleted 
C:\IMail\spool\D541a00110178b4b6.vir\0.
09/18/2004 11:28:26.828 Q541a00110178b4b6 report.txt
09/18/2004 11:28:26.828 Q541a00110178b4b6 Deleted 
C:\IMail\spool\D541a00110178b4b6.vir\report.txt.
09/18/2004 11:28:26.828 Q541a00110178b4b6 han=14a588 b=False
09/18/2004 11:28:26.828 Q541a00110178b4b6 Scanned: OK
09/18/2004 11:28:26.828 Q541a00110178b4b6 High code=0.
09/18/2004 11:28:26.828 Q541a00110178b4b6 AV returned 0
09/18/2004 11:28:28.171 Q541a00110178b4b6 About to pass off E-mail; daisychain 
set to smtp32.exe.
09/18/2004 11:28:28.171 Q541a00110178b4b6 Passing to SMTP3: 
C:\IMail\smtp32.exe C:\IMail\spool\Q541a00110178b4b6.SMD.

Thanks, Keith

 

-Original Message- 
From: Keith Johnson on behalf of Keith Johnson 
Sent: Sat 9/18/2004 11:20 AM 
To: [EMAIL PROTECTED] 
Cc: 
Subject: RE: [Declude.JunkMail] File Lock Issue

I apologize, to clarify the good clean ldelivers were shown while 
using Web Messaging, not SMTP. 

 

Thanks again for the aid.

 

Keith

-Original Message- 
From: [EMAIL PROTECTED] on behalf of Keith Johnson 
Sent: Sat 9/18/2004 11:00 AM 
To: [EMAIL PROTECTED] 
Cc: 
Subject: [Declude.JunkMail] File Lock Issue

I am running Imail 8.13 with Declude 1.79i16 on Win2003 Server 
and any inbound email to our server receives the following message.  If I email 
locally, I get good clean ldelivers.  I checked my AV Scanners and they are not 
monitoring the server at all, have them disabled.  Any suggestions would be great.


Declude Junkmail Log Reports:

Q4cb2000b01aeb4b0 WARNING: Could not unlock 
C:\IMail\spool\_4cb2000b01aeb4b0.~MD; it has been deleted.

Imail SMTP Log Reports:

(4cb70d00e10a) [E] lock file exists for 
C:\IMail\spool\Q4cb2000b01aeb4b0.SMD

Keith
NyuujjrxNrzujryjmrxjqy 

winmail.dat

RE: [Declude.JunkMail] File Lock Issue

[Keith Johnson]

Bill,
  You are the man.  I did have Alligate defined and it expired due to them not 
really adding enhan. for Declude.  Sweet, I really appreciate it.  Weird issue as 
Declude Log did not report that it failed on that test.  Thanks again,

Keith


Keith, are you running any external tests?  If so, confirm that their
licenses have not expired.  I ran into this problem with Alligate when its
license had expired on one of my test servers (see attached e-mail).

Bill

winmail.dat

[Declude.JunkMail] Hijack Question

[Keith Johnson]

We currently have 6 versions of Declude (3 Servers with Junkmail and Virus), can I run 
a Hijack demo on each of the servers?  If so, what is the term of the demo?  Thanks 
for the aid.
 
Keith
Nf_ynub!
0u%dj)\jgr[xf)+-Nrz;uj)l^r[yjwmmr[x8^j!qy.i0f+r

RE: [Declude.JunkMail] External Test for Subject is Upper Case

[Keith Johnson]

Scott Fisher,
I heard you mention once that you made a filter to catch Chinese characters in 
the subject, we have a few customers that get nailed by these often.  Was wondering if 
you could share your thoughts.   Thanks,
 
Keith 

-Original Message- 
From: [EMAIL PROTECTED] on behalf of Scott Fisher 
Sent: Tue 8/24/2004 12:12 AM 
To: [EMAIL PROTECTED] 
Cc: 
Subject: [Declude.JunkMail] External Test for Subject is Upper Case



I've made an external test to test if the Subject is all upper case (or 
punctuation).
If anyone is interested, let me know and I'll e-mail you a copy.
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.JunkMail.  The archives can be found
at http://www.mail-archive.com.


winmail.dat

[Declude.JunkMail] SPF Setup

[Keith Johnson]

We virtual host (as well as store/forward) for a lot of domains.  It is
a given to add SPF support, I need to setup records for the main IP and
name of our servers.  However, what about all the virtuals?  Do I only
need to setup SPF records for those domains that we actually
host/control their DNS?  We also have internal DNS servers for routing
email (using BIND) between internally NAT'd servers, do I need to
publish SPF records for those as well.  Thanks for the clarify.

Keith Johnson  
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.JunkMail.  The archives can be found
at http://www.mail-archive.com.

RE: [Declude.JunkMail] SPF Setup

[Keith Johnson]

Scott,
Awesome, thanks for the aid.

Keith 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of R. Scott Perry
Sent: Thursday, July 29, 2004 1:48 PM
To: [EMAIL PROTECTED]
Subject: Re: [Declude.JunkMail] SPF Setup


We virtual host (as well as store/forward) for a lot of domains.  It is

a given to add SPF support, I need to setup records for the main IP and

name of our servers.  However, what about all the virtuals?

SPF doesn't know or care whether a domain is virtual or real.  So:

Do I only need to setup SPF records for those domains that we actually 
host/control their DNS?

That's up to you.  You can publish SPF records for any/all of the
domains that you control the DNS for (and your users can add SPF records
themselves if you do not control the DNS).

We also have internal DNS servers for routing email (using BIND) 
between internally NAT'd servers, do I need to publish SPF records for 
those as well.  Thanks for the clarify.

You don't need to publish SPF records for those, because SPF looks at
the return address of the E-mail and compares it to the IP that the
E-mail came from.  You can only publish SPF records for domains, not
mailservers.

-Scott
---
Declude JunkMail: The advanced anti-spam solution for IMail mailservers
since 2000.
Declude Virus: Ultra reliable virus detection and the leader in
mailserver vulnerability detection.
Find out what you've been missing: Ask for a free 30-day evaluation.

---
[This E-mail was scanned for viruses by Declude Virus
(http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type
unsubscribe Declude.JunkMail.  The archives can be found at
http://www.mail-archive.com.


---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.JunkMail.  The archives can be found
at http://www.mail-archive.com.

[Declude.JunkMail] Outbound Footer - Store and Forward Domains

[Keith Johnson]

Is it possible for Declude to add a footer to an outbound email sent
through the Imail Server for a customer who is using us to send outbound
email.  They would like us to scan their outbound email and then tag a
'scanned for viruses' footer to those emails.  However, this should only
be for this domain, no other domains affected.  Using Declude Pro.

Thanks,

Keith
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.JunkMail.  The archives can be found
at http://www.mail-archive.com.

RE: [Declude.JunkMail] Outbound Footer - Store and Forward Domains

[Keith Johnson]

Aww, great idea Scott, I will give it a road test.
 
Thanks,
 
Keith

-Original Message- 
From: [EMAIL PROTECTED] on behalf of R. Scott Perry 
Sent: Tue 6/15/2004 5:34 PM 
To: [EMAIL PROTECTED] 
Cc: 
Subject: Re: [Declude.JunkMail] Outbound Footer - Store and Forward Domains




Is it possible for Declude to add a footer to an outbound email sent
through the Imail Server for a customer who is using us to send outbound
email.  They would like us to scan their outbound email and then tag a
'scanned for viruses' footer to those emails.  However, this should only
be for this domain, no other domains affected.  Using Declude Pro.

You could probably set up a filter, with a line MAILFROM 0 CONTAINS
@example.com, and then use MYFILTER FOOTER [This E-mail is an outgoing
E-mail from @example.com] in the global.cfg file.

-Scott
---
Declude JunkMail: The advanced anti-spam solution for IMail mailservers
since 2000.
Declude Virus: Ultra reliable virus detection and the leader in mailserver
vulnerability detection.
Find out what you've been missing: Ask for a free 30-day evaluation.

---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.JunkMail.  The archives can be found
at http://www.mail-archive.com.


winmail.dat

RE: [Declude.JunkMail] Declude version 1.79 and Delog

[Keith Johnson]

Scott,
Did the Msg Failed line under LOGLEVEL MID to report the
individual line numbers that it failed in a filter test get moved to
HIGH?

Keith 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of R. Scott Perry
Sent: Tuesday, June 01, 2004 12:50 PM
To: [EMAIL PROTECTED]
Subject: Re: [Declude.JunkMail] Declude version 1.79 and Delog


I've noticed the logging problem as well and I do have LOGLEVEL MID 
in my global.cfg.

That doesn't resolve the issue.

Do you have the Msg failed lines in your log file?  If not, then you
should go to LOGLEVEL HIGH.

-Scott
---
Declude JunkMail: The advanced anti-spam solution for IMail mailservers
since 2000.
Declude Virus: Ultra reliable virus detection and the leader in
mailserver vulnerability detection.
Find out what you've been missing: Ask for a free 30-day evaluation.

---
[This E-mail was scanned for viruses by Declude Virus
(http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type
unsubscribe Declude.JunkMail.  The archives can be found at
http://www.mail-archive.com.


---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.JunkMail.  The archives can be found
at http://www.mail-archive.com.

RE: [Declude.JunkMail] Declude version 1.79 and Delog

[Keith Johnson]

Scott,
Thanks, we have been running along with MID since the beginning,
all along, upgrading the interim releases.  We just this week needed to
know which line it failed on in one of our filter files.  This is what
we get now in our log.  I will up to HIGH this week.  Thanks,

Qff4f4d2301429a89 BADHEADERS:8 SPAMHEADERS:8 FILTER-SUBJECT:9
FILTER-BODYURL:20 .  Total weight = 45.
06/01/2004 00:00:24 Qff4f4d2301429a89 Subject: Indebted to your
creditors? We can help
06/01/2004 00:00:24 Qff4f4d2301429a89 From: [EMAIL PROTECTED]
To: XXX  IP: 206.173.149.243 ID: 
06/01/2004 00:00:24 Qff4f4d2301429a89 Tests failed [weight=45]:
BADHEADERS=WARN IPNOTINMX=IGNORE SPAMHEADERS=WARN SNIFFER-NOTFND=IGNORE
WEIGHT10=WARN WEIGHT20=SUBJECT FILTER-SUBJECT=IGNORE
FILTER-BODYURL=IGNORE
 
Keith 


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of R. Scott Perry
Sent: Tuesday, June 01, 2004 1:16 PM
To: [EMAIL PROTECTED]
Subject: RE: [Declude.JunkMail] Declude version 1.79 and Delog


 Did the Msg Failed line under LOGLEVEL MID to report the 
individual line numbers that it failed in a filter test get moved to 
HIGH?

With v1.78 and earlier, the Msg failed lines were at LOGLEVEL LOW.
With
v1.79 and later, they are at LOGLEVEL HIGH.

I believe that the Msg failed lines for filter tests have always
included the line number that triggered the filter.

-Scott
---
Declude JunkMail: The advanced anti-spam solution for IMail mailservers
since 2000.
Declude Virus: Ultra reliable virus detection and the leader in
mailserver vulnerability detection.
Find out what you've been missing: Ask for a free 30-day evaluation.

---
[This E-mail was scanned for viruses by Declude Virus
(http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type
unsubscribe Declude.JunkMail.  The archives can be found at
http://www.mail-archive.com.


---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.JunkMail.  The archives can be found
at http://www.mail-archive.com.

[Declude.JunkMail] Whitelistfile

[Keith Johnson]

Scott,
Can I point to two whitelistfile's in the per user config file
for junkmail (i.e. to WHITELISTFILE entries on separate lines).  For
example, one to main corporate then a personal one.  Thanks,

Keith
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.JunkMail.  The archives can be found
at http://www.mail-archive.com.

RE: [Declude.JunkMail] Acting as a gateway for domains on other servers

[Keith Johnson]

Samantha,
We have had this type of setup in place for years, works great.
We filter tons of email for Exchange, Domino, and other SMTP Servers.
Let me know if I can give aid.

Keith 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Bridges,
Samantha
Sent: Thursday, February 19, 2004 2:46 PM
To: [EMAIL PROTECTED]
Subject: [Declude.JunkMail] Acting as a gateway for domains on other
servers

Acting as a gateway for domains on other servers

I know this works for Declude virus but will this work for filter spam
too?  I would suspect that it does but I didn't see it in the
documentation.  

I host email for 11 of 21 school districts.  The remaining 11 host their
own email servers and I would like to filter their email through
Imail/Declude.  They want to host their own email servers... but would
like to take advantage of both the virus and spam filtering offered by
Imail/Declude.

Does anyone have this kind of configuration in place?  Any comments are
appreciated.

Samantha

---
[This E-mail was scanned for viruses by Declude Virus
(http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type
unsubscribe Declude.JunkMail.  The archives can be found at
http://www.mail-archive.com.


---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.JunkMail.  The archives can be found
at http://www.mail-archive.com.

RE: [Declude.JunkMail] Acting as a gateway for domains on other servers

[Keith Johnson]

Samantha,
I don't believe the rules.ima files would work due to there are
no actually mailboxes stored on your Imail server in a Gateway config,
thus it doesn't have any mailbox processing tied to it, i.e. rules
files, storage.  The beauty is, Declude setup in a per-domain config,
will allow spam and virus filtering against those domains, you can even
take it to the user level if necessary.  Thus, you can configure Declude
to tag spam, routeto another mailbox for spam lookups, etc.  May take
some work to transfer some of your rules.ima into Declude and let it do
the work.  

Keith 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Bridges,
Samantha
Sent: Thursday, February 19, 2004 3:23 PM
To: [EMAIL PROTECTED]
Subject: RE: [Declude.JunkMail] Acting as a gateway for domains on other
servers

Does this solution filter both spam and viruses?  

What about the rules via Imail...they don't run do they???

I user a lot of rules to block email and with this solution they could
not take advantage of rules.ima, right?



-Original Message-
From: Keith Johnson [mailto:[EMAIL PROTECTED]
Sent: Thursday, February 19, 2004 2:59 PM
To: [EMAIL PROTECTED]
Subject: RE: [Declude.JunkMail] Acting as a gateway for domains on other
servers


Samantha,
We have had this type of setup in place for years, works great.
We filter tons of email for Exchange, Domino, and other SMTP Servers.
Let me know if I can give aid.

Keith 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Bridges,
Samantha
Sent: Thursday, February 19, 2004 2:46 PM
To: [EMAIL PROTECTED]
Subject: [Declude.JunkMail] Acting as a gateway for domains on other
servers

Acting as a gateway for domains on other servers

I know this works for Declude virus but will this work for filter spam
too?  I would suspect that it does but I didn't see it in the
documentation.  

I host email for 11 of 21 school districts.  The remaining 11 host their
own email servers and I would like to filter their email through
Imail/Declude.  They want to host their own email servers... but would
like to take advantage of both the virus and spam filtering offered by
Imail/Declude.

Does anyone have this kind of configuration in place?  Any comments are
appreciated.

Samantha

---
[This E-mail was scanned for viruses by Declude Virus
(http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type
unsubscribe Declude.JunkMail.  The archives can be found at
http://www.mail-archive.com.


---
[This E-mail was scanned for viruses by Declude Virus
(http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type
unsubscribe Declude.JunkMail.  The archives can be found at
http://www.mail-archive.com.
---
[This E-mail scanned for viruses by Declude Virus]

---
[This E-mail was scanned for viruses by Declude Virus
(http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.JunkMail.  The archives can be found
at http://www.mail-archive.com.


---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.JunkMail.  The archives can be found
at http://www.mail-archive.com.

[Declude.JunkMail] Line Issues

[Keith Johnson]

Scott,
  Are you aware of any issues related to filter files in which the log reports 
and weights against a line in the filter, however, it was the line below or above it 
that should have got triggered?
 
  For example, lets stay that line 39 states:
  BODY   5  contains @123example.com
  
  Line 40 states
  BODY   20   contains  @domain.com
 
 If I look in the log, it shows that my filter got tripped at line 40, however 
if I search for line 40 in the email, it is not there, however, line 39 clearly was.  
The weight was assigned for line 40.  It is as if from time to time, it picks the 
wrong line (in my case just 1 off).  I am running 1.77beta.  Hope this makes sense, 
thanks for the aid.
 
Keith
 
  
j)pjjyu+*7^V*m^r[yNfy^
%yj)fj)b b{.n+lzwZI[hfu%fvz
%yj)Srzjmj)Zb(

RE: [Declude.JunkMail] Line Issues

[Keith Johnson]

Scott,
Should I run the latest interim release to fix this issue?  Just had a few 
upset customers, thanks,
 
Keith

-Original Message- 
From: [EMAIL PROTECTED] on behalf of R. Scott Perry 
Sent: Wed 2/11/2004 8:11 PM 
To: [EMAIL PROTECTED] 
Cc: 
Subject: Re: [Declude.JunkMail] Line Issues




   Are you aware of any issues related to filter files in which
 the log reports and weights against a line in the filter, however, it was
 the line below or above it that should have got triggered?

   For example, lets stay that line 39 states:
   BODY   5  contains @123example.com

   Line 40 states
   BODY   20   contains  @domain.com

  If I look in the log, it shows that my filter got tripped at
 line 40, however if I search for line 40 in the email, it is not there,
 however, line 39 clearly was.  The weight was assigned for line 40.  It
 is as if from time to time, it picks the wrong line (in my case just 1
 off).  I am running 1.77beta.  Hope this makes sense, thanks for the aid.

Yes, that is possible under some circumstances.  There was a previous
version of Declude that could have the line numbers pretty far off, but
they should be much more accurate now.

-Scott
---
Declude JunkMail: The advanced anti-spam solution for IMail mailservers
since 2000.
Declude Virus: Catches known viruses and is the leader in mailserver
vulnerability detection.
Find out what you've been missing: Ask for a free 30-day evaluation.

---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.JunkMail.  The archives can be found
at http://www.mail-archive.com.


winmail.dat

[Declude.JunkMail] Vacation Message Dilema

[Keith Johnson]

I have a few users on a domain who have a vacation in place.  For those
users, I have a Per-User Declude config that uses the MailBox function
for the Weight20 test.  Does the vacation message get triggered on the
actually Main inbox or also sub mailboxes?  What I am noticing is that
when I check their vacation.snt file it lists a lot of addresses that
went to the Sub Mailbox.  This is causing a backlash of bounce messages
back to my client due to when spam comes in a vacation message is sent
out.  Has anyone seen this?

Keith
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.JunkMail.  The archives can be found
at http://www.mail-archive.com.

[Declude.JunkMail] Option Request

[Keith Johnson]

Is it possible that in a Store/Forward scenario that when a WEIGHT20
test is reached to insert a X-Note in the Header, much like we take
action with RouteTo or Mailbox?  

Thanks,

Keith
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.JunkMail.  The archives can be found
at http://www.mail-archive.com.

RE: [Declude.JunkMail] Option Request

[Keith Johnson]

John,
Can this WARN have a specific custom Header line only applied to
this domain?

Keith 

-Original Message-
From: John Tolmachoff (Lists) [mailto:[EMAIL PROTECTED] 
Sent: Wednesday, February 04, 2004 11:45 AM
To: [EMAIL PROTECTED]
Subject: RE: [Declude.JunkMail] Option Request

Use the action of WARN.

John Tolmachoff
Engineer/Consultant/Owner
eServices For You


 -Original Message-
 From: [EMAIL PROTECTED] [mailto:Declude.JunkMail- 
 [EMAIL PROTECTED] On Behalf Of Keith Johnson
 Sent: Wednesday, February 04, 2004 8:16 AM
 To: [EMAIL PROTECTED]
 Subject: [Declude.JunkMail] Option Request
 
 Is it possible that in a Store/Forward scenario that when a WEIGHT20 
 test is reached to insert a X-Note in the Header, much like we take 
 action with RouteTo or Mailbox?
 
 Thanks,
 
 Keith
 ---
 [This E-mail was scanned for viruses by Declude Virus 
 (http://www.declude.com)]
 
 ---
 This E-mail came from the Declude.JunkMail mailing list.  To 
 unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type 
 unsubscribe Declude.JunkMail.  The archives can be found at 
 http://www.mail-archive.com.

---
[This E-mail was scanned for viruses by Declude Virus
(http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type
unsubscribe Declude.JunkMail.  The archives can be found at
http://www.mail-archive.com.


---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.JunkMail.  The archives can be found
at http://www.mail-archive.com.

RE: [Declude.JunkMail] Option Request

[Keith Johnson]

John,
Thanks again, found it in the manual.  Thanks for your time.

Keith 

-Original Message-
From: Keith Johnson 
Sent: Wednesday, February 04, 2004 12:02 PM
To: [EMAIL PROTECTED]
Subject: RE: [Declude.JunkMail] Option Request

John,
Can this WARN have a specific custom Header line only applied to
this domain?

Keith 

-Original Message-
From: John Tolmachoff (Lists) [mailto:[EMAIL PROTECTED]
Sent: Wednesday, February 04, 2004 11:45 AM
To: [EMAIL PROTECTED]
Subject: RE: [Declude.JunkMail] Option Request

Use the action of WARN.

John Tolmachoff
Engineer/Consultant/Owner
eServices For You


 -Original Message-
 From: [EMAIL PROTECTED] [mailto:Declude.JunkMail- 
 [EMAIL PROTECTED] On Behalf Of Keith Johnson
 Sent: Wednesday, February 04, 2004 8:16 AM
 To: [EMAIL PROTECTED]
 Subject: [Declude.JunkMail] Option Request
 
 Is it possible that in a Store/Forward scenario that when a WEIGHT20 
 test is reached to insert a X-Note in the Header, much like we take 
 action with RouteTo or Mailbox?
 
 Thanks,
 
 Keith
 ---
 [This E-mail was scanned for viruses by Declude Virus 
 (http://www.declude.com)]
 
 ---
 This E-mail came from the Declude.JunkMail mailing list.  To 
 unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type 
 unsubscribe Declude.JunkMail.  The archives can be found at 
 http://www.mail-archive.com.

---
[This E-mail was scanned for viruses by Declude Virus
(http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type
unsubscribe Declude.JunkMail.  The archives can be found at
http://www.mail-archive.com.


---
[This E-mail was scanned for viruses by Declude Virus
(http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type
unsubscribe Declude.JunkMail.  The archives can be found at
http://www.mail-archive.com.


---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.JunkMail.  The archives can be found
at http://www.mail-archive.com.

[Declude.JunkMail] Log Error

[Keith Johnson]

I received the following error in the log file and subsequently the
email did not ROUTETO although it was listed on the WEIGHT20 line, it
went on to the main mailbox of the customer un-routed.  Is there any
reason for the Error?  I checked the log and only had one other instance
of this for the day.


02/04/2004 14:57:17 Q4e8f9b2b005cae1c Msg failed WEIGHT20 (Weight of 61
reaches or exceeds the limit of 20.). Action=ROUTETO.
02/04/2004 14:57:17 Q4e8f9b2b005cae1c ERROR: Could not open recip file
F:\IMail\spool\_4e8f9b2b005cae1c.~MD [2]


Thanks,
Keith
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.JunkMail.  The archives can be found
at http://www.mail-archive.com.

RE: [Declude.JunkMail] Log Error

[Keith Johnson]

Scott,
Thanks for your aid, it is always appreciated.  I passed a
similar explanation on to our customer.  I'll watch our logs for any
patterns.

Keith  

-Original Message-
From: R. Scott Perry [mailto:[EMAIL PROTECTED] 
Sent: Wednesday, February 04, 2004 6:27 PM
To: [EMAIL PROTECTED]
Subject: RE: [Declude.JunkMail] Log Error


 I am running 8.05hf1 and the 1.77beta of Declude (no
interims).
I just needed to give an explanation to one of our customers on this.

There isn't an easy explanation.

What I can give you is the very technical answer:  Declude went to
access the (locked) recipient file, but Windows reported that the file
was not there.  Determining how the file disappeared would be anywhere
from difficult to impossible, depending on what happened (unless the
problem repeats itself, in which case it could probably be traced).

-Scott
---
Declude JunkMail: The advanced anti-spam solution for IMail mailservers
since 2000.
Declude Virus: Catches known viruses and is the leader in mailserver
vulnerability detection.
Find out what you've been missing: Ask for a free 30-day evaluation.

---
[This E-mail was scanned for viruses by Declude Virus
(http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type
unsubscribe Declude.JunkMail.  The archives can be found at
http://www.mail-archive.com.


---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.JunkMail.  The archives can be found
at http://www.mail-archive.com.

RE: [Declude.JunkMail] OT- Getting a URL de-listed on AOL

[Keith Johnson]

Marc,
I had great succes with the AOL Postmaster line at:
1.888.212.5537  I worked with a guy named, John Rardin, he fixed a few
client issues in a timely fashion.  I emailed him a few of the client
emails and he was able to figure out why it was being blocked by them
and in 1 case they removed it.  Good Luck.

Keith
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.JunkMail.  The archives can be found
at http://www.mail-archive.com.

RE: [Declude.JunkMail] Mydoom.b

[Keith Johnson]

The most recent update today from F-Prot will catch it, just checked it
in the virlist.

Keith 

-Original Message-
From: John Tolmachoff (Lists) [mailto:[EMAIL PROTECTED] 
Sent: Thursday, January 29, 2004 2:03 AM
To: [EMAIL PROTECTED]
Subject: RE: [Declude.JunkMail] Mydoom.b

It is not catching it.

John Tolmachoff
Engineer/Consultant/Owner
eServices For You

 -Original Message-
 From: [EMAIL PROTECTED] [mailto:Declude.JunkMail- 
 [EMAIL PROTECTED] On Behalf Of Jeff Kratka
 Sent: Wednesday, January 28, 2004 5:51 PM
 To: [EMAIL PROTECTED]
 Subject: [Declude.JunkMail] Mydoom.b
 
 When I have gone and checked my F-Prot to see if the most recent 
 version of Mydoom is covered with the most recent virus definitions 
 it only shows Mydoom.a in the virus list. Is there another way to find

 out if the definitions are fully up to date? I have the DOS version 
 and it is update every couple of hours.
 
 Jeff Kratka
 *
 TymeWyse Internet
 P.O.Box 84 - 110 Ecklund St., Canyonville, OR 97417
 tel/fax: (541) 839-6027  -  [EMAIL PROTECTED]
 *
 
 ---
 [This E-mail was scanned for viruses by Declude Virus 
 (http://www.declude.com)]
 
 ---
 This E-mail came from the Declude.JunkMail mailing list.  To 
 unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type 
 unsubscribe Declude.JunkMail.  The archives can be found at 
 http://www.mail-archive.com.

---
[This E-mail was scanned for viruses by Declude Virus
(http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type
unsubscribe Declude.JunkMail.  The archives can be found at
http://www.mail-archive.com.


---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.JunkMail.  The archives can be found
at http://www.mail-archive.com.

[Declude.JunkMail] Log File

[Keith Johnson]

What would cause extra CR in the middle of a line in the Virus or
Declude log files or incomplete line entries?  We have a Parser that
runs through to pull out info, however, at times it will encounter the
above and have to skip the entries.  Thanks for the info.

Keith
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.JunkMail.  The archives can be found
at http://www.mail-archive.com.

RE: [Declude.JunkMail] DNS Warnings

[Keith Johnson]

Title: RE: [Declude.JunkMail] DNS Warnings



Is there a way to have something we could take action on 
ifwhen Declude queries the DNS Server andlogs aWARNING SERVER 
FAILURE (i.e. HOLD, ROUTETO)? It seems in my testing, none of these 
domains that it got this for where legititmate (see below). Also, if 
Declude gets this back, it cancels processing of not only the DNS based tests, 
but also filters or external programs (i.e. Sniffer) according to the log. 
Thanks for the aid.

Keith


From: Keith Johnson Sent: Sunday, 
January 25, 2004 1:55 PMTo: 
[EMAIL PROTECTED]Subject: RE: [Declude.JunkMail] DNS 
Warnings


Scott,

  I took some time 
  and went through the log and found that the following was true on all the ones 
  I checked (around 50) entries, the following examples were found using 
  dnsreport.com about the Warnings:
  
  Getting MX record for mail3b-better-health.wsol8423.com... 
  Received an NXDOMAIN response
  
  OR
  
  Getting MX record for atkingroup.co.uk... Received a response 
  code of 2.This should be treated as an ERROR (per RFC974), and the 
  E-mail delivery should PROBABLY be retried later
  
  I found 1 or 2 that did 
  show an entry listed in dnsreport, however, I could not connect to them via 
  telnet or nslookup's
  
  Keith
  
  
-Original Message- From: R. Scott Perry 
[mailto:[EMAIL PROTECTED] Sent: Sun 1/25/2004 10:44 AM 
To: [EMAIL PROTECTED] Cc: 
Subject: RE: [Declude.JunkMail] DNS 
Warnings
 
Thanks for the aid. I'm with you on the second point, I think 
our DNS server (Bind 8.4.3) attempted to verify the domain (all of 
them look spam in nature) and couldn't find an A or MX listed for 
them and returned back to Declude that warning.Actually, the 
"server failure" should indicate that your DNS server isbroken, so it 
definitely should *not* return the server failure unless itis broken, or 
*perhaps* if it receives a server failure from the remote 
DNSserver.Declude JunkMail is asking BIND if the domain has an 
MX or A record -- soif it returns a server failure when it should not, 
it is hurting your 
spamcontrol. 
-Scott---Declude JunkMail: The advanced anti-spam solution for IMail 
mailservers.Declude Virus: Catches known viruses and is the leader in 
mailservervulnerability detection.Find out what you've been missing: 
Ask about our free 30-day evaluation.---[This E-mail was scanned 
for viruses by Declude Virus (http://www.declude.com)]---This 
E-mail came from the Declude.JunkMail mailing list. Tounsubscribe, 
just send an E-mail to [EMAIL PROTECTED], andtype "unsubscribe 
Declude.JunkMail". The archives can be foundat http://www.mail-archive.com.

[Declude.JunkMail] DNS Warnings

[Keith Johnson]

I noticed in our Declude Log (running MID) that we have numerous of the below message 
(different domains).  Is this telling me that there was no MX or A record listed for 
the lookup domain?  I pretty sure, however, just wanted to check, thanks for the aid.
 
Keith
 
WARNING: DNS server 10.10.50.31 returned a SERVER FAILURE error for MX or A for 
srvrdasdsmmkva06k.xp4y.net
j)pjjyu+*7^V*m^r[yNfy^
%yj)fj)b b{.n+lzwZI[hfu%fvz
%yj)Srzjmj)Zb(

RE: [Declude.JunkMail] DNS Warnings

[Keith Johnson]

Scott,
 Thanks for the aid.  I'm with you on the second point, I think our DNS server 
(Bind 8.4.3) attempted to verify the domain (all of them look spam in nature) and 
couldn't find an A or MX listed for them and returned back to Declude that warning.  I 
appreciate the speedy response, have a good weekend.
 
Keith

-Original Message- 
From: R. Scott Perry [mailto:[EMAIL PROTECTED] 
Sent: Sun 1/25/2004 9:28 AM 
To: [EMAIL PROTECTED] 
Cc: 
Subject: Re: [Declude.JunkMail] DNS Warnings




I noticed in our Declude Log (running MID) that we have numerous of the
below message (different domains).  Is this telling me that there was no
MX or A record listed for the lookup domain?  I pretty sure, however, just
wanted to check, thanks for the aid.

It is saying that your DNS server reported a server failure - which
technically means that *your* server failed.

However, many DNS servers will return a server failure response when a
remote DNS server returns a server failure.  So the chances are that the
remote DNS server is the one with the problem.  Declude JunkMail will not
fail the test if a server failure is returned.


-Scott
---
Declude JunkMail: The advanced anti-spam solution for IMail mailservers.
Declude Virus: Catches known viruses and is the leader in mailserver
vulnerability detection.
Find out what you've been missing: Ask about our free 30-day evaluation.

---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.JunkMail.  The archives can be found
at http://www.mail-archive.com.


winmail.dat

RE: [Declude.JunkMail] DNS Warnings

[Keith Johnson]

Scott,
 A took some time and went through the log and found that the following was 
true on all the ones I checked (around 50) entries, the following examples were found 
using dnsreport.com about the Warnings:
 
Getting MX record for mail3b-better-health.wsol8423.com...   Received an NXDOMAIN 
response
 
OR
 
Getting MX record for atkingroup.co.uk...   Received a response code of 2.

This should be treated as an ERROR (per RFC974), and the E-mail delivery should 
PROBABLY be retried later
 
I found 1 or 2 that did show an entry listed in dnsreport, however, I could 
not connect to them via telnet or nslookup's
 
Keith
 

-Original Message- 
From: R. Scott Perry [mailto:[EMAIL PROTECTED] 
Sent: Sun 1/25/2004 10:44 AM 
To: [EMAIL PROTECTED] 
Cc: 
Subject: RE: [Declude.JunkMail] DNS Warnings




  Thanks for the aid.  I'm with you on the second point, I think
 our DNS server (Bind 8.4.3) attempted to verify the domain (all of them
 look spam in nature) and couldn't find an A or MX listed for them and
 returned back to Declude that warning.

Actually, the server failure should indicate that your DNS server is
broken, so it definitely should *not* return the server failure unless it
is broken, or *perhaps* if it receives a server failure from the remote DNS
server.

Declude JunkMail is asking BIND if the domain has an MX or A record -- so
if it returns a server failure when it should not, it is hurting your spam
control.

-Scott
---
Declude JunkMail: The advanced anti-spam solution for IMail mailservers.
Declude Virus: Catches known viruses and is the leader in mailserver
vulnerability detection.
Find out what you've been missing: Ask about our free 30-day evaluation.

---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.JunkMail.  The archives can be found
at http://www.mail-archive.com.


winmail.dat

RE: [Declude.JunkMail] DNS Warnings

[Keith Johnson]

Scott,

 I took some time and went through the log and found that the 
following was true on all the ones I checked (around 50) entries, the following 
examples were found using dnsreport.com about the Warnings:
 
Getting MX record for mail3b-better-health.wsol8423.com...   Received an 
NXDOMAIN response
 
OR
 
Getting MX record for atkingroup.co.uk...   Received a response code of 2.

This should be treated as an ERROR (per RFC974), and the E-mail delivery 
should PROBABLY be retried later
 
I found 1 or 2 that did show an entry listed in dnsreport, however, I 
could not connect to them via telnet or nslookup's
 
Keith
 

-Original Message- 
From: R. Scott Perry [mailto:[EMAIL PROTECTED] 
Sent: Sun 1/25/2004 10:44 AM 
To: [EMAIL PROTECTED] 
Cc: 
Subject: RE: [Declude.JunkMail] DNS Warnings




  Thanks for the aid.  I'm with you on the second point, I 
think
 our DNS server (Bind 8.4.3) attempted to verify the domain (all of 
them
 look spam in nature) and couldn't find an A or MX listed for them and
 returned back to Declude that warning.

Actually, the server failure should indicate that your DNS server is
broken, so it definitely should *not* return the server failure unless 
it
is broken, or *perhaps* if it receives a server failure from the 
remote DNS
server.

Declude JunkMail is asking BIND if the domain has an MX or A record -- 
so
if it returns a server failure when it should not, it is hurting your 
spam
control.

-Scott
---
Declude JunkMail: The advanced anti-spam solution for IMail 
mailservers.
Declude Virus: Catches known viruses and is the leader in mailserver
vulnerability detection.
Find out what you've been missing: Ask about our free 30-day 
evaluation.

---
[This E-mail was scanned for viruses by Declude Virus 
(http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.JunkMail.  The archives can be found
at http://www.mail-archive.com.


Nf_ynub!
0u%dj)\jgr[xf)+-Nrz;uj)l^r[yjwmmr[x8^j!qy.i0f+r

[Declude.JunkMail] Clarification

[Keith Johnson]

We are giving our Declude filters an overhaul this week, adding in all
the functionality of the new 'beta' tests and I wanted to ensure I am
good on the following:

Using Examples SKIPWEIGHT 70
   MAXWEIGHT  60
   MINWEIGHT  20

MAXWEIGHT: If during the run of the filter the
weight associated with the filter reaches 60 then that one filter exits.

MINWEIGHT: If during the run of the filter the weight associated with
the filter is at 20 or below then 
that one filter exits.

SKIPWEIGHT: Upon start of the filter if the total weight prior to
entering the filter is
70 then that one filter will not run

END: If an END is reached anywhere in any filter, it will exit any
further Declude processing will END

Thanks for the aid and time.

Keith
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.JunkMail.  The archives can be found
at http://www.mail-archive.com.

RE: [Declude.JunkMail] Clarification

[Keith Johnson]

Scott,
Is there a test, in the works, that will end all processing of
any further filters.  Basically, exit all Declude processing, or is it
best to use the SKIPWEIGHT, thanks,

Keith 

-Original Message-
From: R. Scott Perry [mailto:[EMAIL PROTECTED] 
Sent: Wednesday, January 21, 2004 10:44 AM
To: [EMAIL PROTECTED]
Subject: Re: [Declude.JunkMail] Clarification

That is all correct (just one note to clarify, though: END will stop
processing that one filter, but other tests will run).
   -Scott

At 10:35 AM 1/21/2004, Keith Johnson wrote:
We are giving our Declude filters an overhaul this week, adding in all 
the functionality of the new 'beta' tests and I wanted to ensure I am 
good on the following:

Using Examples SKIPWEIGHT 70
MAXWEIGHT  60
MINWEIGHT  20

MAXWEIGHT: If during the run of the filter the weight associated with 
the filter reaches 60 then that one filter exits.

MINWEIGHT: If during the run of the filter the weight associated with 
the filter is at 20 or below then that one filter exits.

SKIPWEIGHT: Upon start of the filter if the total weight prior to 
entering the filter is 70 then that one filter will not run

END: If an END is reached anywhere in any filter, it will exit any 
further Declude processing will END

Thanks for the aid and time.

Keith
---
[This E-mail was scanned for viruses by Declude Virus 
(http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To 
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type 
unsubscribe Declude.JunkMail.  The archives can be found at 
http://www.mail-archive.com.

---
[This E-mail was scanned for viruses by Declude Virus
(http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type
unsubscribe Declude.JunkMail.  The archives can be found at
http://www.mail-archive.com.


---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.JunkMail.  The archives can be found
at http://www.mail-archive.com.

[Declude.JunkMail] New XBL from Spamhaus

[Keith Johnson]

I read the following on the Register.  Does anyone know if we can include this 
into Declude?  Thanks for the aid:
 
Clip taken from: http://www.theregister.co.uk/content/55/34690.html
 
However, Spamhaus plans to fight back. Yesterday, it released its Exploits 
Block List (XBL), a real-time DNS-based database of IP addresses of illegal 3rd party 
exploits, including open proxies, worms/viruses with built-in spam engines, and other 
types of trojan-horse exploits utilized by spammers. This list is designed to sit 
alongside the Spamhaus Block List (SBL), which blocks incoming spam from direct spam 
sources. The combination of SBL and XBL enables ISPs to safely reject a high volume of 
incoming spam outright, Spamhaus says. 
 
Keith

winmail.dat

[Declude.JunkMail] Imail 8.05 Release

[Keith Johnson]

Scott,
It looks as if IpSwitch may have fixed the issue in 8.05 that
keeps Declude from being called.


Taken from 8.05 Release Notes...


o Queuemgr: Decreased the possibility that during a queue run the
queuemgr might process files before a third party process 
locks the message.

Keith
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.JunkMail.  The archives can be found
at http://www.mail-archive.com.

RE: [Declude.JunkMail] Declude not taking action

[Keith Johnson]

Although this is not the same issue as Declude not getting called, I did want to bring 
it to everyones attention.  For those of you that Store and Forward to other email 
servers, Imail 8.04 is having issues with removing body text from emails on the smtp 
rdeliver action to a remote server.  I have tested it numerous times and have been 
able to reproduce it.  Ipswitch is aware of it and acknowledges an issue and their 
dev. team is working to fix it.
 
Keith
winmail.dat

RE: [Declude.JunkMail] BODY STARTSWITH

[Keith Johnson]

Scott,
For those of us that have had email (daily) skipping Declude
calling would it be good for us to move up to the 1.76i27 to have that
logged for you?

Keith 

-Original Message-
From: R. Scott Perry [mailto:[EMAIL PROTECTED] 
Sent: Tuesday, November 25, 2003 1:03 PM
To: [EMAIL PROTECTED]
Subject: RE: [Declude.JunkMail] BODY STARTSWITH


I know you are busy, but I need to ask.

When can we expect that?

You know the rule -- ask and ye shall receive.  :)

http://www.declude.com/release/176i/declude.exe has 1.76i27, which has
this change in it.  Note that this specific interim release will also
record one log file entry to C:\Declude.log for each E-mail that is
processed (to help prove that Declude.exe is being skipped on rare
occasions with IMail 8.04).  The next release will not include that log
file entry.

-Scott
---
Declude JunkMail: The advanced anti-spam solution for IMail mailservers.
Declude Virus: Catches known viruses and is the leader in mailserver
vulnerability detection.
Find out what you've been missing: Ask about our free 30-day evaluation.

---
[This E-mail was scanned for viruses by Declude Virus
(http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type
unsubscribe Declude.JunkMail.  The archives can be found at
http://www.mail-archive.com.


---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.JunkMail.  The archives can be found
at http://www.mail-archive.com.

FW: [Declude.JunkMail] Declude does not see email

[Keith Johnson]

Title: Re: [Declude.JunkMail] Declude does not see email



Scott,

   This issue of Declude (1.76i and Imail 
  8.04)not seeing email has picked up tremendously in the past week or 
  so. We are starting to see this a lot in our own email as well as our 
  customers reporting it. It seems to be happening in both html and plain 
  text formated emails. Is there anything I can do in my settings to aid 
  this as I am fearful of viruses getting thru (more so than spam)? 
  Thanks,
  
  Keith
  
-Original Message- From: R. Scott Perry 
[mailto:[EMAIL PROTECTED] Sent: Fri 11/21/2003 12:10 PM 
To: [EMAIL PROTECTED] Cc: 
Subject: Re: [Declude.JunkMail] Declude does not see 
email
I am curious to know if others are experiencing this as 
well.Daily I receive 3-4 spam that show no sign of Declude 
ever being ran.Searching the IMail log file shows the email 
arriving and the SPAM logfile for IMail shows an entry for the email 
but Declude does not show it.Are you running IMail v8? There 
seems to be a problem with IMail v8 whereit will occasionally "forget" 
to call Declude. We haven't been able toreproduce the problem, but 
from the log files that we have seen, it appearsthat Declude isn't even 
started. 
-Scott---Declude JunkMail: The advanced anti-spam solution for IMail 
mailservers.Declude Virus: Catches known viruses and is the leader in 
mailservervulnerability detection.Find out what you've been missing: 
Ask about our free 30-day evaluation.---[This E-mail was scanned 
for viruses by Declude Virus (http://www.declude.com)]---This 
E-mail came from the Declude.JunkMail mailing list. Tounsubscribe, 
just send an E-mail to [EMAIL PROTECTED], andtype "unsubscribe 
Declude.JunkMail". The archives can be foundat http://www.mail-archive.com.

RE: [Declude.JunkMail] Declude does not see email

[Keith Johnson]

Title: Re: [Declude.JunkMail] Declude does not see email



Kami,
 That is exactly what I am seeing, no record of 
it. It scares me that email is getting through our system for our 
customers, yet it is unscanned. We handle total of about 150K emails each 
day across two servers and we are seeing it on both. It seems like it just 
happened right after the 8.03 update, but got worse after the 8.04 update. 


Thanks,

Keith


From: Kami Razvan 
[mailto:[EMAIL PROTECTED] Sent: Monday, November 24, 2003 9:03 
AMTo: [EMAIL PROTECTED]Subject: RE: 
[Declude.JunkMail] Declude does not see email


Keith:
Have you 
checked the virus logs?
In our 
case no record of the email is seen in JM or Virus logs.
It seems 
like when IMail gets done with it simply forgets Declude and delivers the 
email. So we are not scanning the email for virus ...
Regards,
Kami


From: [EMAIL PROTECTED] 
[mailto:[EMAIL PROTECTED] On Behalf Of Keith 
JohnsonSent: Monday, November 24, 2003 8:42 AMTo: 
[EMAIL PROTECTED]Subject: FW: [Declude.JunkMail] Declude 
does not see email

Scott,

   This issue of Declude (1.76i and Imail 
  8.04)not seeing email has picked up tremendously in the past week or 
  so. We are starting to see this a lot in our own email as well as our 
  customers reporting it. It seems to be happening in both html and plain 
  text formated emails. Is there anything I can do in my settings to aid 
  this as I am fearful of viruses getting thru (more so than spam)? 
  Thanks,
  
  Keith
  
-Original Message- From: R. Scott Perry 
[mailto:[EMAIL PROTECTED] Sent: Fri 11/21/2003 12:10 PM 
To: [EMAIL PROTECTED] Cc: 
Subject: Re: [Declude.JunkMail] Declude does not see 
email
I am curious to know if others are experiencing this as 
well.Daily I receive 3-4 spam that show no sign of Declude 
ever being ran.Searching the IMail log file shows the email 
arriving and the SPAM logfile for IMail shows an entry for the email 
but Declude does not show it.Are you running IMail v8? There 
seems to be a problem with IMail v8 whereit will occasionally "forget" 
to call Declude. We haven't been able toreproduce the problem, but 
from the log files that we have seen, it appearsthat Declude isn't even 
started. 
-Scott---Declude JunkMail: The advanced anti-spam solution for IMail 
mailservers.Declude Virus: Catches known viruses and is the leader in 
mailservervulnerability detection.Find out what you've been missing: 
Ask about our free 30-day evaluation.---[This E-mail was scanned 
for viruses by Declude Virus (http://www.declude.com)]---This 
E-mail came from the Declude.JunkMail mailing list. Tounsubscribe, 
just send an E-mail to [EMAIL PROTECTED], andtype "unsubscribe 
Declude.JunkMail". The archives can be foundat http://www.mail-archive.com.

[Declude.JunkMail] Store and Forward Question

[Keith Johnson]

Since Imail doesn't have a way to reject an email based on its size when
a domain is setup in a Gateway scenario (i.e. store and forward), I
thought I would post this to the Declude community.  Does Declude JMPro
have a way to bounce an email based upon its size?  What we are seeing,
is when an email comes in to Imail (Store and forward setup), Declude
scans it for viruses and spam and then Imail attempts delivery to remote
SMTP server.  The remote SMTP server has restrictions placed upon
acceptance, in that if the email is over 3mb in size, it will not
accept.  The remote server kindly tells our Imail server that it was
rejected due to size restrictions (shows in syslog on Imail), however,
Imail then bounces the email back to the sender as undeliverable, no
notation that it failed due to size restrictions.  I understand that the
sending server doesn't connect directly with the remote server, however,
there has to be a better way to get a 'size rejected notification' back
to the original sender.  Thanks for any aid.

Keith
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.JunkMail.  The archives can be found
at http://www.mail-archive.com.

[Declude.JunkMail] Strange Anomaly

[Keith Johnson]

We are running Declude JMPro Version 1.76i13.  Most of our domains are
setup using the Per Domain configuration, in those configs, we have
setup ROUTETO statements to route their spam to a certain email address
either local or remote.  Since last Thursday (off and on before that),
some spam email has been appearing in the SPAM folder in the Spool
directory (although we do not send any spam to that folder).  I just
checked it and we had over a 1000 in there.  I looked at the D* files
and they show that these emails were sent to domains that had per domain
setup configs.  These domains have been setup and working for well over
a year. We run Imail 8.04 on Windows 2000 SP4. 

Has anyone seen this.  

Also, we have started to see several emails that don't show any X
information placed in them by Declude.  We traced them in the Imail
syslog and they show accepted and Q* assignment given with delivery.
They arrive to the inbox of the users untouched by Declude (no header
info inserted).  Anyone seen this as well.  

Thanks for the aid,

Keith
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.JunkMail.  The archives can be found
at http://www.mail-archive.com.

RE: [Declude.JunkMail] Strange Anomaly

[Keith Johnson]

Does the Declude JunkMail log file show any information about the
E-mail?  There have been unconfirmed reports of IMail v8 skipping Declude
processing that we are investigating

I have a few emails saved that passed through Declude unscanned if they would be 
helpful.

We are starting to see this every now and then.   I'll look in the Declude log for the 
id.  Thanks,

Keith



winmail.dat

[Declude.JunkMail] Declude w/Sniffer

[Keith Johnson]

We use both Declude (1.76beta) and Sniffer and both work great.
However, we are are in the process of trying to run several Sniffer
tests and take action on individual return codes rather than nonzero.
It is my understanding that Declude will only call the Sniffer test once
although numerous Sniffer tests are defined in the Global.cfg?  Does
this also mean that Declude will use the same amount of CPU and memory
as if one single nonzero test was defined?  Thanks for the aid, trying
to make sure we don't max out our CPU utilization.

Keith
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.JunkMail.  The archives can be found
at http://www.mail-archive.com.

RE: [Declude.JunkMail] Missing Declude headers incorrect weights

[Keith Johnson]

  I have also noticed today that it appears Declude JunkMail is no 
  longer calculating weights correctly.
 
  If you upgrade to the latest interim release at 
  http://www.declude.com/release/176i/declude.exe , it takes care of 
  this
issue.

Wasn't actually expecting a response until tomorrow (Monday).  Weights 
look accurate now.  Thanks for the Sunday response and resolve!

Scott,
If you don't mind me asking, what interim release or full
release did the above weighting issue affect? 

Thanks...

Keith 
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.JunkMail.  The archives can be found
at http://www.mail-archive.com.

RE: [Declude.JunkMail] What is this test?

[Keith Johnson]

Mike,
   The Easynet-Dyna test is an external ip4r DNS test setup in your global.cfg 
file.  See the Declude link below to see further info on this.
 
http://www.declude.com/Junkmail/support/ip4r.htm
 
Keith

-Original Message- 
From: Michael Graveen [mailto:[EMAIL PROTECTED] 
Sent: Thu 10/16/2003 10:14 PM 
To: [EMAIL PROTECTED] 
Cc: 
Subject: [Declude.JunkMail] What is this test?



I have a client that has a domain that we host.  They sent an email through
the mail server and it failed the following tests:

X-Spam-Tests-Failed: EASYNET-DYNA, IPNOTINMX [3]

My question is, what is EASYNET-DYNA?  I don't see it in the JunkMail manual.

Thanks,

Mike

[This E-mail scanned for viruses by Declude Virus]

---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.JunkMail.  The archives can be found
at http://www.mail-archive.com.


winmail.dat

[Declude.JunkMail] JM handling of Aliases

[Keith Johnson]

We have a unique issue in that we have a customer that gets email to
user-user (alias) that goes to an account called useruser (without the
hyphen), both on our server, within same domain.  When a spam email
comes in addressed to the alias and other users within the same domain,
it gets scanned by JMPro 1.76i2 and all emails but the alias email gets
routed to a central spam holding container on the domain.  The alias
email gets delievered to the useruser main inbox.  I have confirmed this
in the log file via the ldeliver lines.  If you look at the header, it
does indeed fail the Weight20 test (we have a single default domain
junkmail file listing WEIGHT20 ROUTETO [EMAIL PROTECTED])  Does
Declude handle alias spam filtering any different that if it was sent to
a main box?  This one has me confused.  Thanks for the aid. 

Running: JMPro 1.76i2
O/S: Windows 2000 SP4

Keith
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.JunkMail.  The archives can be found
at http://www.mail-archive.com.

RE: [Declude.JunkMail] JM handling of Aliases

[Keith Johnson]

Scott,
 Would you like the Declude Log or the Sys Log from IMail?  This domain was 
setup as mail.domain.com in Imail and there is an alias on it for domain.com (transfer 
from another vendor Imail server), I have a Declude folder called mail.domain.com, 
however do I need one called domain.com for the alias side?  Thanks,
 
Keith
 

-Original Message- 
From: R. Scott Perry [mailto:[EMAIL PROTECTED] 
Sent: Thu 10/2/2003 4:26 PM 
To: [EMAIL PROTECTED] 
Cc: 
Subject: Re: [Declude.JunkMail] JM handling of Aliases




We have a unique issue in that we have a customer that gets email to
user-user (alias) that goes to an account called useruser (without the
hyphen), both on our server, within same domain.  When a spam email
comes in addressed to the alias and other users within the same domain,
it gets scanned by JMPro 1.76i2 and all emails but the alias email gets
routed to a central spam holding container on the domain.  The alias
email gets delievered to the useruser main inbox.

What does the log file show for one of these E-mails?

-Scott
---
Declude JunkMail: The advanced anti-spam solution for IMail mailservers.
Declude Virus: Catches known viruses and is the leader in mailserver
vulnerability detection.
Find out what you've been missing: Ask about our free 30-day evaluation.

---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.JunkMail.  The archives can be found
at http://www.mail-archive.com.


winmail.dat

RE: [Declude.JunkMail] JM handling of Aliases

[Keith Johnson]

For the alias, you'll need to use the domain that the alias resolves
to.  If it resolves to the official name of the domain (mail.domain.com),
then you can use the same directory.  But if you are using a different
domain for the alias than the official name of the domain, then you would
need to use a different directory (or, change the alias to use the official
domain name, to keep things consistent).

The setup is as follows: the official host name is mail.domain.com with an alias 
domain of domain.com  There are numerous aliases and user accounts on this box.  One 
of the aliases is: user-user that has a pointer to user   I guess they did this due to 
the way Imail handles the hyphen on a regular box.  An email is sent to the alias: 
[EMAIL PROTECTED] , which then points over [EMAIL PROTECTED]  I have in the Declude 
folder a folder called mail.domain.com which has been working great since day 1, 
however this alias issue has just crept up.  I see in the header that it failed all 
the appropriate tests, but got ldelivered to the main inbox of [EMAIL PROTECTED]  I 
just put another folder called domain.com in the Declude folder to see if it will 
trigger it.  However, I'm unsure why it won't work correctly the way it is since the 
official name is mail.domain.com and the alias domain is domain.com (the same name 
without the mail.).  I'll send you the logs soon.

 

Keith



winmail.dat

[Declude.JunkMail] Understanding Return Codes

[Keith Johnson]

It seems recently a lot of good ip4r tests have ended due to spammer Denial of Service 
attacks.  With that in mind, it has caused me to shuffle around and find some good 
tests.  I noticed in the Global.cfg file of a few default tests commented out that 
have return codes listed as * , however in Declude's DNS-based spam database table 
(thanks Scott for posting) they may show up as 127.0.0.2 (i.e. DSBL), and I became a 
little confused.  Also, some are listed as Various, in which case would lend me to 
think that we should use * , however, on the Declude Website the ip4r test of ORDB 
shows a return of *.  I just wanted to get a sanity check on the proper use of return 
codes, especially if they list as Various.  Also, if the show in the Global.cfg as *, 
yet on the Declude Website have a return code, should I replace the * with a code.  
Thanks for the time.
 
Keith Johnson
N¬f¢—¬±ç_¢»â®ë±¼ƒyÉnuåb®ë!¶Úÿ
0uç%¹¢dáŠÁj)\jgŸ®‰­…àÞr[x›§–f¢–)à–+-N‹§²æìr¸›z;¬¶u©¨¥¶ˆ¦j)l®÷^r[yÊjwm®ž±ÊâmàÞr[x›§•8^j·!Š÷¬q©Ûyú.†Ûiÿü0Âf¢•ª+Þr‰

[Declude.JunkMail] Is it possible

[Keith Johnson]

I have a strange request, however, I don't think it can be done.  I have
a store-and-forward domain (Exchange User) that would like for us to
forward individual spam email to another location for each individual
user.  The catch is, they don't want to send us their individual user
email addresses so that I can create a per-user junkmail file for them,
this would cause double management.  They have informed me that their
last Spam provider ISP could do this with a store-and-forward domain.
Declude does a great job of creating sub-folders on the fly for on the
box Imail users, however, this is more on the fly creation of Imail main
boxes, which to me is dangerous since spammers could send email to any
ole' user.  Any suggestions, thanks for the time.

Keith
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.JunkMail.  The archives can be found
at http://www.mail-archive.com.

RE: [Declude.JunkMail] [IMail Forum] thank you, thank you, Verisign!! and BIND9 Veri sign-rape patch Verisign!! and BIND9 Veri sign-rape patch

[Keith Johnson]

Scott,
If I add the new interim release, what does JM Pro do to an
email it finds with this trigger?  Do I need to add anything to the
global.cfg file?  Thanks for the aid.

Keith

-Original Message-
From: R. Scott Perry [mailto:[EMAIL PROTECTED] 
Sent: Thursday, September 18, 2003 3:39 PM
To: [EMAIL PROTECTED]
Subject: Re: [Declude.JunkMail] [IMail Forum] thank you, thank you,
Verisign!! and BIND9 Veri sign-rape patch Verisign!! and BIND9 Veri
sign-rape patch



Scott, I saw this posted to the IMail list, but have not seen anything 
announced on the JunkMail list about this interim release.  I have 
downloaded v1.75i7, does this interim release mean I can remove all of 
the following entries from my global.cfg file:

No.  It only applies to the .com/.net issue.  However, we are working on
a 
new method that would automatically detect the wildcards, regardless of
the 
TLD.

Is there anything that needs to be set in the global.cfg to enable the 
detection of wildcard responses?

No.

-Scott
---
Declude JunkMail: The advanced anti-spam solution for IMail mailservers.
Declude Virus: Catches known viruses and is the leader in mailserver 
vulnerability detection.
Find out what you've been missing: Ask about our free 30-day evaluation.

---
[This E-mail was scanned for viruses by Declude Virus
(http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type
unsubscribe Declude.JunkMail.  The archives can be found at
http://www.mail-archive.com.
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.JunkMail.  The archives can be found
at http://www.mail-archive.com.

RE: [Declude.JunkMail] Declude v1.75 bogs down the server

[Keith Johnson]

Scott,
  The DECODE OFF option; what would it not catch (i.e. Spam) had the option been 
turned on?  I understand Base64, but what kind of HTML decoding?  We have a server at 
capacity as well, but we are not adding anymore customers to it, however, at times the 
CPU is at 100% which causes the Web Messaging to be slow.   However, I don't want to 
sacrifice not catching some spam either.  Thanks for the info.  
 
Keith

-Original Message- 
From: R. Scott Perry [mailto:[EMAIL PROTECTED] 
Sent: Fri 9/5/2003 5:45 PM 
To: [EMAIL PROTECTED] 
Cc: 
Subject: Re: [Declude.JunkMail] Declude v1.75 bogs down the server




After upgrading from Declude v1.65 to v1.75 I noticed my Imail server
taking quite a performance hit.  After upgrading my CPU usage went from
50%-55% up to 98%-100%.  Reverting back to v1.65 returned the CPU usage
back to normal.  I am running Imail version 7.07.  The server is running
NT4.0 SP 6A.  The server is a dual Pentium 550 with 512k of ram and a raid 5.

Has anyone else experienced this type of performance hit?  Would Upgrading
to Imail Version 8 or upgrading to Windows 2000 server help?

If you were already at 50%-55%, you're close to the limits of the server.

I would recommend adding a line DECODE OFF to the
\IMail\Declude\global.cfg file to see if that alleviates the problem (that
will prevent some base64 and HTML decoding that v1.75 does, that could use
some extra CPU time).

-Scott
---
Declude JunkMail: The advanced anti-spam solution for IMail mailservers.
Declude Virus: Catches known viruses and is the leader in mailserver
vulnerability detection.
Find out what you have been missing: Ask for a free 30-day evaluation.

---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.JunkMail.  The archives can be found
at http://www.mail-archive.com.


winmail.dat

RE: [Declude.JunkMail] Declude failing openrelay test

[Keith Johnson]

Mishi,
  I am running 8.02 and 7.15HF2 with Relay for Addresses and Declude JM Pro 
1.75i and I just ran the test and produced perfect results on both machines.  It only 
reported 'Unknown User' and 'Not a local gateway', which is great.  What relay setting 
are you running and version of Imail?  
 
Keith

-Original Message- 
From: Mishi Saravi [mailto:[EMAIL PROTECTED] 
Sent: Thu 9/4/2003 7:20 AM 
To: [EMAIL PROTECTED] 
Cc: 
Subject: Re: [Declude.JunkMail] Declude failing openrelay test



I am using the test for open relay at http://www.abuse.net/cgi-bin/relaytest 
on a machine running imail with declude and it is reporting the machine as openrelay. 
However the same test will report as no relay on a machine running imail without 
declude. Has any one run into this situation? Is it because declude that the machine 
is reporting as open relay?

 

Many Thanks,

 

Mishi

 

winmail.dat

RE: [Declude.JunkMail] Declude failing openrelay test

[Keith Johnson]

Title: Message



Mark,
 If you can, can you post a portion of the 
relaytest results or describe which test failed (remove your IP if 
necessary). 

Keith

  
  -Original Message-From: 
  [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] 
  On Behalf Of Mark SmithSent: Thursday, September 04, 2003 
  8:49 AMTo: [EMAIL PROTECTED]Subject: RE: 
  [Declude.JunkMail] Declude failing openrelay test
  I 
  just have "Relay for Addresses"
  I 
  include my local Internal DMZ's subnet so I can relay off of various ASP 
  scripts, etc.
  All 
  of my users must authenticate in order to relay.
  
  

-Original Message-From: Keith Johnson 
[mailto:[EMAIL PROTECTED] On Behalf Of Keith 
JohnsonSent: Thursday, September 04, 2003 8:34 AMTo: 
[EMAIL PROTECTED]Subject: RE: [Declude.JunkMail] 
Declude failing openrelay test
Mishi,
 I am running 
8.02 and 7.15HF2with "Relay for Addresses" and Declude JM Pro 1.75i 
and I just ran the test and produced perfect results on both machines. 
It only reported 'Unknown User' and 'Not a local gateway', which is 
great. What relay setting are you running and version of Imail? 


Keith

  -Original Message- From: Mishi Saravi 
  [mailto:[EMAIL PROTECTED] Sent: Thu 9/4/2003 7:20 AM 
  To: [EMAIL PROTECTED] Cc: 
  Subject: Re: [Declude.JunkMail] Declude failing openrelay 
  test
  
  I am using the test for open 
  relay at http://www.abuse.net/cgi-bin/relaytest 
  on a machine running imail with declude and it is reporting the machine as 
  openrelay. However the same test will report as no relay on a machine 
  running imail without declude. Has any one run into this situation? Is it 
  because declude that the machine is reporting as open 
  relay?
  
  Many Thanks,
  
  Mishi
  

[Declude.JunkMail] Need aid on Declude Header rule

[Keith Johnson]

I have a customer who only wants to get email to a list of valid
employees, no one else (i.e. ex-employees).  However, the list of
ex-employees is too long for him to come up with, thus he gave me the
list of valids.  I looked, but I don't think Declude has a HEADER tag
called DOESNOT CONTAIN, does anyone have any suggestions.  Thanks for
the aid.

Keith
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.JunkMail.  The archives can be found
at http://www.mail-archive.com.

RE: [Declude.JunkMail] Need aid on Declude Header rule

[Keith Johnson]

Scott,
The problem with using the CONTAINS is that I would have to have
a list of the ex-employees and the only list he can put together is the
good employees.  Thus if I used the CONTAINS I would be hitting good
employee email.  Any other suggestions, thanks for your time.

Keith


What you could try is a filter using CONTAINS, and then give the test
a 
negative weight (perhaps a weight of -1000).
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.JunkMail.  The archives can be found
at http://www.mail-archive.com.

RE: [Declude.JunkMail] Need aid on Declude Header rule

[Keith Johnson]

Karen,
My bad, I failed to mention this is a Store and Forward
domain...

Keith

-Original Message-
From: Karen D. Oland [mailto:[EMAIL PROTECTED] 
Sent: Tuesday, September 02, 2003 12:07 PM
To: [EMAIL PROTECTED]
Subject: RE: [Declude.JunkMail] Need aid on Declude Header rule


Delete the nobody alias.  Then, only valid email in his domain will be
accepted.  Delete all old employees not on the list of valid names you
just received from the domain.

 -Original Message-
 From: Keith Johnson
   The problem with using the CONTAINS is that I would have to have
a 
 list of the ex-employees and the only list he can put together is the 
 good employees.  Thus if I used the CONTAINS I would be hitting good 
 employee email.  Any other suggestions, thanks for your time.

---
[This E-mail scanned for viruses by Declude Virus]

---
[This E-mail was scanned for viruses by Declude Virus
(http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type
unsubscribe Declude.JunkMail.  The archives can be found at
http://www.mail-archive.com.
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.JunkMail.  The archives can be found
at http://www.mail-archive.com.

RE: [Declude.JunkMail] Need aid on Declude Header rule

[Keith Johnson]

Scott,
SWEET, that is a great idea, I'll give it a go, you are the man.

Keith Johnson


CONTAINS *would* work in this way.  For example:

 HEADERS  -1000  CONTAINS  [EMAIL PROTECTED]
 HEADERS  -1000  CONTAINS  [EMAIL PROTECTED]
 ...


In this case, an E-mail with [EMAIL PROTECTED] in the headers

would always receive a weight less than 0.  You can then create a
WEIGHT0 
test that would delete all E-mail with a weight of 0 or higher.
-Scott

---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.JunkMail.  The archives can be found
at http://www.mail-archive.com.

RE: [Declude.JunkMail] Need aid on Declude Header rule

[Keith Johnson]

Scott,
 I spoke to soon.  If I use the weighting method, it hurts my ability to use 
the Weight system to guard them against Spam.  Your thoughts...
 
Keith

-Original Message- 
From: Keith Johnson 
Sent: Tue 9/2/2003 1:27 PM 
To: [EMAIL PROTECTED] 
Cc: 
Subject: RE: [Declude.JunkMail] Need aid on Declude Header rule



Scott,
SWEET, that is a great idea, I'll give it a go, you are the man.

Keith Johnson


CONTAINS *would* work in this way.  For example:

 HEADERS  -1000  CONTAINS  [EMAIL PROTECTED]
 HEADERS  -1000  CONTAINS  [EMAIL PROTECTED]
 ...


In this case, an E-mail with [EMAIL PROTECTED] in the headers

would always receive a weight less than 0.  You can then create a
WEIGHT0
test that would delete all E-mail with a weight of 0 or higher.
-Scott

---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.JunkMail.  The archives can be found
at http://www.mail-archive.com.


winmail.dat

RE: [Declude.JunkMail] Need aid on Declude Header rule

[Keith Johnson]

Scott,
Since we house mulitple domains (using spam filtering) and this filter test is 
used in the Global file it seems it would fail every other domain email (i.e. 1000 
weight) that we house on the same box?!  Is there a way to only define it for use in 
the default config file for that domain (we have the pro version), thus not be used 
for other domains?  Thanks again for the aid.
 
Keith

-Original Message- 
From: R. Scott Perry [mailto:[EMAIL PROTECTED] 
Sent: Tue 9/2/2003 6:41 PM 
To: [EMAIL PROTECTED] 
Cc: 
Subject: RE: [Declude.JunkMail] Need aid on Declude Header rule




  I spoke to soon.  If I use the weighting method, it hurts my
 ability to use the Weight system to guard them against Spam.  Your 
thoughts...

Ah, I see.

In that case, you can have the same filter, but instead of having it
defined as MYFILTER filter C:\IMail\Declude\myfilter.txt x -1000 0, you
could define it as MYFILTER filter C:\IMail\Declude\myfilter.txt x 0
1000.  That way, any E-mail that triggers the filter will have the regular
spam control enabled, but any E-mail that does *not* trigger the filter
(E-mail not to current employees) will have a weight of at least 1000.

-Scott
---
Declude JunkMail: The advanced anti-spam solution for IMail mailservers.
Declude Virus: Catches known viruses and is the leader in mailserver
vulnerability detection.
Find out what you have been missing: Ask for a free 30-day evaluation.

---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.JunkMail.  The archives can be found
at http://www.mail-archive.com.


winmail.dat