RE: [Declude.JunkMail] SPAMDOMAINS update for the att conglomerate
John, Can you list multiple REVDNS on a single line when using spamdomains? For example @bellsouth.net .bellsouth. isp.att. Thanks, Keith -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John T (lists) Sent: Monday, August 20, 2007 10:55 AM To: declude.junkmail@declude.com Subject: [Declude.JunkMail] SPAMDOMAINS update for the att conglomerate Does anyone have an updated listed for SPAMDOMAINS test for the AT T conglomerate? I know there is .att. and bellsouth.com and sbc.com but what else is there that could originate from an att.com REVDNS? John T --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Slipping through Declude
John, In text is below: What version of Declude? 4.3.16 Is that the entire message? Yes, I attached 3 message headers Have you reviewed the IMail SMTP log for the message, and check of a queue run just happened to fire at that time? No smtp or Decludeproc restarts in log. What is unique is that all 4 messages contained the same body although from different sources. Still awaiting Linda's response at Declude. Thanks, Keith -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Keith Johnson Sent: Saturday, February 03, 2007 1:09 PM To: declude.junkmail@declude.com Subject: [Declude.JunkMail] Slipping through Declude It has been rare, although not uncommon, that from time to time I will see emails slip through and not scanned by Declude, however, today I have gotten 5 in a row carrying the same, or similar, body information and no insertion of X-tags. I have attached a header that illustrates this. Is anyone else seeing this same type of email come through your system unscanned? I have sent this off to Declude Support for further looks. -Keith --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] AVG Questions
Support, What is the best way to tell what signature version I am running with the onboard AVG engine? Also, how do I manually pull down a signature if I need to update before the automatic download interval? Thanks for the aid. Keith --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] 30511 problem
David, Do you have an exhaustive explanation of what exactly each of the new commands does? I have seen a tremendous amount of emails to alter this and alter that, however, what does it actually do and how does one affect the other? Thanks for the aid. Keith -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of David Barker Sent: Tuesday, October 25, 2005 9:39 AM To: Declude.JunkMail@declude.com Subject: RE: [Declude.JunkMail] 30511 problem Randy try changing WAITFORMAIL 1500 To WAITFORMAIL 500 See if that changes the delay. David B www.declude.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of GlobalWeb.net Webmaster Sent: Monday, October 24, 2005 7:16 PM To: Declude.JunkMail@declude.com Subject: RE: [Declude.JunkMail] 30511 problem We upgraded to 3.0.5.11 tonight - big difference in CPU in that it's way down from the 3.0.5.5 - but proc folder will accumulate approx 35-50 messages before it'll dump them to the work folder. Do not see any problems so far except for the second or two delay in this... We have in our declude.cfg: THREADS 50 WAITFORMAIL 1500 WAITFORTHREADS 1000 WAITBETWEENTHREADS 1 Sincerely, Randy Armbrecht Global Web Solutions, Inc. 804-346-5300 x112 877-800-GLOBAL (4562) x112 http://globalweb.net -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Harry Vanderzand Sent: Monday, October 24, 2005 1:52 PM To: Declude.JunkMail@declude.com Cc: 'Technical Support' Subject: RE: [Declude.JunkMail] 30511 problem Dual Xeon 3.4Ghz 2GB ram imail 8.05 declude, sniffer invurbl The issue is that without changing anything other than going to 3.05.11 this occurs It appears that processing has changed If I could get some idea from Declude about this. Maybe I have to change my declude.cfg? It currently is threads 20 waitformail 500 waitforthreads 1500 waitbetweenthreads 100 Harry Vanderzand inTown Internet Computer Services 11 Belmont Ave. W., Kitchener, ON,N2M 1L2 519-741-1222 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John Carter Sent: Monday, October 24, 2005 1:30 PM To: Declude.JunkMail@declude.com Subject: RE: [Declude.JunkMail] 30511 problem Interesting ... .11 is working for me better than any previous version -- proc and work are quickly cleared. What process is jumping the CPU up so high? Decludeproc or the anti-virus scanner(s) or something else? How about some more info (CPU, RAM, declude.cfg contents, do you run AVAFTERJM?, that kind of thing.) John -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Harry Vanderzand Sent: Monday, October 24, 2005 12:10 PM To: Declude.JunkMail@declude.com Subject: [Declude.JunkMail] 30511 problem When I switch from 3.05.9 to 3.05.11 CPU usage goes up considerably and mail gets processed much slower and starts to backlog. I have had to switch back to 3.05.9 Harry Vanderzand inTown Internet Computer Services 11 Belmont Ave. W., Kitchener, ON,N2M 1L2 519-741-1222 --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] DomainKeys
John, Is 3.0.5.5 100% stable? I have seen numerous posts on this forum about ongoing issues with MAILFROM (triggering on local unauth. domains), COUNTRY Test and with Multi-Procs (especially above 100K volume per day). I have a call into Declude support on the above to see what is being addressed, especially with Multiple Processors in place. Keith From: [EMAIL PROTECTED] on behalf of John T (Lists) Sent: Mon 10/10/2005 5:54 PM To: Declude.JunkMail@declude.com Subject: [Declude.JunkMail] DomainKeys Good, bad, indifferent? Now that 3.0.5.5 is out and stable, any thoughts of including a test for DomainKeys into Declude? John T eServices For You --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. winmail.dat
RE: [Declude.JunkMail] new root server B address
Davebe, Wow, you read my mind. I saw this as well this week on my Linux dns box. Thanks for the update. Keith From: [EMAIL PROTECTED] on behalf of Dave Doherty Sent: Sat 9/24/2005 10:12 PM To: Declude.JunkMail@declude.com Subject: [Declude.JunkMail] new root server B address Hi, all- I was catching up on some stuff tonight and discovered that I still had the old address for the B root server in my cache.dns files. This changed over a year ago, but I missed it at the time. Just in case you also missed it, I thought I would pass it along. The new address for b.root-servers.net is 192.228.79.201 If you have another address for b.root-servers.net, you should change it. -Davbe Doherty Skywaves, Inc. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. winmail.dat
RE: [Declude.JunkMail] declude / spamassassin
Nick, If you don't mind, is SA heavy on the CPU? What kinda load are you running with SA? We are wanting to pursue it, however, Sanford had mentioned awhile back it would be heavy on the CPU. Thanks again, Keith -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Nick Hayer Sent: Tuesday, September 20, 2005 5:44 PM To: Declude.JunkMail@declude.com Subject: Re: [Declude.JunkMail] declude / spamassassin Travis Sullivan wrote: So, the only thing I will see in the headers is the total score SA results: X-RBL-Warning: SPAMASSASSIN: Message failed SPAMASSASSIN: 3. And declude scores only for the test group, like other tests in the global.cfg file? Correct. Very slick huh? And good job getting it to go! -Nick Travis --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] declude / spamassassin
Travis, In your setup, your Declude is running on a Windows 2k/2003 box calling your SA server on a Linux box on the same local network? I guess the speeds are much the same as quering a local DNS server for lookups. Sounds great, I will have look into this, my loads are around the same for our three servers. Thanks again, Keith From: [EMAIL PROTECTED] on behalf of Travis Sullivan Sent: Tue 9/20/2005 6:31 PM To: Declude.JunkMail@declude.com Subject: Re: [Declude.JunkMail] declude / spamassassin Nick, If you don't mind, is SA heavy on the CPU? What kinda load are you running with SA? I have 3k plus users getting 300k emails per day... my SA is running on a linux server, P4 2ghz... no increase in load when I started using SA with declude today. The best config I have set is: SPAMASSASSIN externalnonzero e:\imail\declude\spamd\spamc32.exe -d 209.215.97.193 -r -lt 4 -et 6 -f 3 0 I 'think' so far that spamassassin only reports if SA's score is 4 or more, if so, I score it a 3 on the email test. I am still playing with the values to tune the system. thanks for everyone's help today. I hope to have MRTG running reports on declude soon to show some statistics. Travis --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. winmail.dat
RE: [Declude.JunkMail] RBL's becoming worthless...
Scott, What type of speed are you getting from using the invuribl? We take in/out well over 70K emails per day on each server, 1 of them takes in/out 150K. As I understand it, it is very CPU intensive. Thanks for the aid. Keith -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Scott Fisher Sent: Wednesday, July 27, 2005 9:45 AM To: Declude.JunkMail@declude.com Subject: Re: [Declude.JunkMail] RBL's becoming worthless... -Marcus: Here's my invuribl config file... I add points for being on various URI lists up to a max of 200. Subject tag at 100, hold at 200, delete at 300: ?xml version=1.0 encoding=utf-8 ? configuration appSettings !--License Key Required For invURIBL To Run-- add key=License_Key value=mykey / !--Enables the use of an exception file for domains that should be skipped-- add key=Enable Exceptions File value=true / !--Path and Filename of the log file. If left blank the log file will be generated in-- !--the same directory as the executable. If you have listed in the file-- !--name it will be replaced with MMDD (Month and Day).-- add key=LogFile_Path value=invuribl-logfile.txt / !-- Options: NORMAL, HIGH, VERBOSE, NONE-- add key=Log_Mode value=HIGH / !-- If the passed in weight exceeds this value, invURIBL will exit without -- !-- running any of the configured tests -- add key=SKIPWEIGHT value=500 / !-- If the accumulated weight exceeds the value listed below invURIBL will -- !-- return the MAXWEIGHT value -- add key=Enable_Max_Weight value=true / add key=MAXWEIGHT value=200 / !-- invURIBL will exit when the first domain in either the URI or RBL list. -- !-- If the domain is listed in the URI list the associated RBL lists will be checked -- !-- as well before the application will exit -- add key=Stop_At_First_Match value=true / !--DNS Server Timeout: Number of seconds that invURIBL will wait for a response from the DNS Server (Beta 5)-- add key=DNS_Server_Timeout value=2 / !-- This is the URIBL That The Domains Will Be Checked Against -- add key=URIBL_List1 value=multi.surbl.org / !-- Will return the last octet as the weight. If Custom Bitmask Values Are Enabled-- !-- their values will take precedence over this setting -- !-- add key=URIBL_Return_Result_As_Weight value=false / -- !-- Weight added to the result code or custom bitmask total. -- add key=URIBL_Weight_List1 value=0 / !--Allows you to override the normal values for bitmasks for a custom return weight-- add key=Enable_Custom_Bitmask_Values_URIBL_List1 value=true / !--If using multi.surbl.org see http://www.surbl.org/lists.html#multi for which lists correspond -- !--to which bitmask values -- add key=URI_Bitmask_BitValue_1_Weight_URIBL_List1 value=0 / add key=URI_Bitmask_BitValue_2_Weight_URIBL_List1 value=100 / add key=URI_Bitmask_BitValue_4_Weight_URIBL_List1 value=50 / add key=URI_Bitmask_BitValue_8_Weight_URIBL_List1 value=100 / add key=URI_Bitmask_BitValue_16_Weight_URIBL_List1 value=100 / add key=URI_Bitmask_BitValue_32_Weight_URIBL_List1 value=100 / add key=URI_Bitmask_BitValue_64_Weight_URIBL_List1 value=50 / add key=URI_Bitmask_BitValue_128_Weight_URIBL_List1 value=0 / !--URI LIST 2-- add key=URIBL_List2 value=xs.surbl.org / add key=URIBL_Weight_List2 value=50 / add key=Enable_Custom_Bitmask_Values_URIBL_List2 value=false / add key=URI_Bitmask_BitValue_1_Weight_URIBL_List2 value=0 / add key=URI_Bitmask_BitValue_2_Weight_URIBL_List2 value=0 / add key=URI_Bitmask_BitValue_4_Weight_URIBL_List2 value=0 / add key=URI_Bitmask_BitValue_8_Weight_URIBL_List2 value=0 / add key=URI_Bitmask_BitValue_16_Weight_URIBL_List2 value=0 / add key=URI_Bitmask_BitValue_32_Weight_URIBL_List2 value=0 / add key=URI_Bitmask_BitValue_64_Weight_URIBL_List2 value=0 / add key=URI_Bitmask_BitValue_128_Weight_URIBL_List2 value=0 / !--URI LIST 3-- add key=URIBL_List3 value=multi.uribl.com / add key=URIBL_Weight_List3 value=0 / add key=Enable_Custom_Bitmask_Values_URIBL_List3 value=true / add key=URI_Bitmask_BitValue_1_Weight_URIBL_List3 value=0 / add key=URI_Bitmask_BitValue_2_Weight_URIBL_List3 value=50 / add key=URI_Bitmask_BitValue_4_Weight_URIBL_List3 value=0 / add key=URI_Bitmask_BitValue_8_Weight_URIBL_List3 value=0 / add key=URI_Bitmask_BitValue_16_Weight_URIBL_List3 value=0 / add key=URI_Bitmask_BitValue_32_Weight_URIBL_List3 value=0 / add key=URI_Bitmask_BitValue_64_Weight_URIBL_List3 value=0 / add key=URI_Bitmask_BitValue_128_Weight_URIBL_List3 value=0 / !--Enables the checking of the URI's name servers against an RBL. -- !--If the name servers are listed in the RBL the defined weight will -- !--be added. You also have an option to skip looking up the nameservers -- !--if the URI is
[Declude.JunkMail] OT-Netcraft Phishing Pheed
Just an fyi. Seems like we could have Declude query a public database of sites. Worth a look. Keith For what it's worth, Netcraft has announced that it is making available to ISPs, hosting companies, etc., a feed of it's phishing sites etc. http://news.netcraft.com/archives/2005/04/19/netcraft_phishing_site_feed _available.html --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] OT-Netcraft Phishing Pheed
Darrell, I emailed that sales address to see what they are going to charge. Keith -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Darrell ([EMAIL PROTECTED]) Sent: Friday, May 13, 2005 11:18 AM To: Declude.JunkMail@declude.com Subject: Re: [Declude.JunkMail] OT-Netcraft Phishing Pheed Too bad it appears as if it is going to be fee based. Please contact us ([EMAIL PROTECTED]) for pricing, giving details of the mail server (e.g. sendmail, qmail ...) and/or proxy server (e.g. Squid, Apache ...) or other program that you would like it to interface, and the approximate number of users you have. Darrell Check out http://www.invariantsystems.com for utilities for Declude And Imail. IMail/Declude Overflow Queue Monitoring, SURBL/URI integration, MRTG Integration, and Log Parsers. Keith Johnson writes: Just an fyi. Seems like we could have Declude query a public database of sites. Worth a look. Keith For what it's worth, Netcraft has announced that it is making available to ISPs, hosting companies, etc., a feed of it's phishing sites etc. http://news.netcraft.com/archives/2005/04/19/netcraft_phishing_site_fe ed _available.html --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] SMD Files
Darrell, Did you prior adjust your TcpWindowSize value? Keith -Original Message- From: [EMAIL PROTECTED] on behalf of Darrell ([EMAIL PROTECTED]) Sent: Sat 4/23/2005 10:30 AM To: Declude.JunkMail@declude.com Cc: Subject: Re: [Declude.JunkMail] SMD Files Not saying this is your problem - but... If you have applied the KB 893066 patch from the latest round of MS Patches you may want to look into that. We have seen substantial issues with this patch internally and externally. Darrell --- invURIBL - Intelligent URI filtering plug-in for Declude. Stops 85% of the SPAM with the default configuration. Try it for free - http://www.invariantsystems.com - Original Message - From: Kyle Fisher mailto:[EMAIL PROTECTED] To: Declude.JunkMail@declude.com Sent: Saturday, April 23, 2005 2:40 AM Subject: RE: [Declude.JunkMail] SMD Files Ok thanks John. Why do you think this just started happening the past 3 days I went from about 200 spool files to 1000 during the day and then 2 days later there are all of those left over files. Do you mean the SMTP session from the client. I have had some complaints (for about two weeks) from clients (connected by T1) saying they are getting SMTP errors occasionally. They have there client set to check mail every 5 minutes and throughout the day they get SMTP connection errors. I mean I really dont know I am just searching at this point, but thanks for the info Kyle _ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John Tolmachoff (Lists) Sent: Saturday, April 23, 2005 12:28 AM To: Declude.JunkMail@declude.com Subject: RE: [Declude.JunkMail] SMD Files T files are incomplete Q files, where by some how the SMTP session was not completed. They along with the associated D file can be deleted. The reason it looks like they have already been sent is that the sending server/user upon disconnection of the SMTP session the resent the message in full. John T eServices For You -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Kyle Fisher Sent: Friday, April 22, 2005 2:49 PM To: Declude.JunkMail@declude.com Subject: RE: [Declude.JunkMail] SMD Files Looking at some of these it looks like they have already been sent and it is trying to resend them again. Also in some of these it is going to [EMAIL PROTECTED] _ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Kyle Fisher Sent: Friday, April 22, 2005 3:50 PM To: Declude.JunkMail@declude.com Subject: [Declude.JunkMail] SMD Files I am trying to find the article that explains the build up of Txx.smd and Dxx.smd files in the spool directory. The past few days I have quite a few of these hanging around in the spool directory. Here is a sample of whats in the files. Some are from my local clients and some or from other mail servers. Kyle Imail 8.15 2.0.6 Junkmail and Antivirus 3.16b F-Prot Message Sniffer 2.3 D03bc03690136cf5a.SMD Received: from gwmsrm42 [172.16.52.2] by esc5.net with ESMTP (SMTPD32-8.15) id A3BC3690136; Thu, 21 Apr 2005 14:49:16 -0500 T03bc03690136cf5a.SMD QD:\IMail\spool\D03bc03690136cf5a.SMD Hesc5.net I03bc03690136cf5a X1 WE:\IMail E0, R[EMAIL PROTECTED] S[EMAIL PROTECTED] NRCPT TO: [EMAIL PROTECTED] R[EMAIL PROTECTED] winmail.dat
RE: [Declude.JunkMail] Error 183 in Declude Virus and double processing in Declude JunkMail during heavy load
Matt, I had this same exact issue, with exact same symptoms(Win 2000 SP4) and I called Declude on it a few weeks ago. Eventually, I just copied in a new Declude 1.82.exe file and reinstalled my scanners and the issue went away. I saw the same Error starting scanner and the Error 183. I went on the assumption that my scanners got corrupted and thus deinstalled them and reinstalled them. I thought it was just my server, but it seems it could be a broader issue. Keith Johnson From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of MattSent: Monday, April 18, 2005 4:10 PMTo: Declude.JunkMail@declude.comCc: [EMAIL PROTECTED]Subject: [Declude.JunkMail] Error 183 in Declude Virus and double processing in Declude JunkMail during heavy load This is primarily meant for Declude's support, but I am sending it to the list in the event that the broader scrutiny might be beneficial.I'm currently running Declude 1.82 and Windows 2003 SP1. It appears that under heavy load I am seeing errors from both Declude Virus and Declude JunkMail, and it seems possible that while the errors are triggered by the heavy load, the conditions created might be avoidable. It seems likely that either IMail or Declude is producing the problem.I have a client that has a Web server that pumps out about 350 E-mails every night in rapid succession from their Web server. This has been causing issues pretty much every night. Declude Virus throws about a half dozen or so errors during this blast saying "Error 183 creating temp directory [path]", and when this happens, it seems to always do this multiple times for the same file name. Declude JunkMail seems to also double, tipple, quadruple, etc., process the same files when this happens, which is noted in both the logs as well as the headers that it inserts in the E-mail. I sometimes find these multiple-processed files stranded in my spool without a Q file. I'm not sure what conditions associated with the load are causing this, but this can also happen at other times outside of this nightly blast when the CPU's are being pegged.I'm sharing the associated headers and log file entries in the hopes of helping to identify the source of the issue and also potentially resolving it. Here is a copy of each for one such message:HEADERS==Received: from mx1.mailpure.com [208.7.179.200] by mail.mailpure.com with ESMTP (SMTPD32-8.15) id A039545F00E0; Thu, 14 Apr 2005 01:31:37 -0400Received: from DH04 ([###.###.###.###]) by mx1.mailpure.com with Microsoft SMTPSVC(6.0.3790.211); Thu, 14 Apr 2005 01:31:34 -0400Received: from mail pickup service by DH04 with Microsoft SMTPSVC; Thu, 14 Apr 2005 01:30:49 -0400From: [EMAIL PROTECTED]To: [EMAIL PROTECTED]Subject: Nightly Email update from [Company Name]Date: Thu, 14 Apr 2005 01:30:49 -0400Message-ID: [EMAIL PROTECTED]MIME-Version: 1.0Content-Type: multipart/alternative; boundary="=_NextPart_000_0001_01C54091.8C5A7060"X-Mailer: Microsoft CDO for Windows 2000Thread-Index: AcVAsxNWnH6Lzk2RRyizH9lhpqD3BQ==Content-Class: urn:content-classes:messageX-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1441X-OriginalArrivalTime: 14 Apr 2005 05:30:49.0363 (UTC) FILETIME=[1DD32E30:01C540B3]Return-Path: [EMAIL PROTECTED]X-MailPure: X-MailPure: FORGEDFROM: Message failed FORGEDFROM test (weight 2).X-MailPure: X-MailPure: Spam Score: 2X-MailPure: Scan Time: 14 Apr 2005 at 01:34:15 -0400X-MailPure: Spool File: D0039545f00e0819a.SMDX-MailPure: Server Name: DH04X-MailPure: SMTP Sender: [EMAIL PROTECTED]X-MailPure: Received From: customer-webserver.example.com [###.###.###.###]X-MailPure: Country Chain: UNITED STATES-destinationX-MailPure: X-MailPure: Spam and virus blocking services provided by MailPure.comX-MailPure: X-MailPure: X-MailPure: FORGEDFROM: Message failed FORGEDFROM test (weight 2).X-MailPure: X-MailPure: Spam Score: 2X-MailPure: Scan Time: 14 Apr 2005 at 01:34:15 -0400X-MailPure: Spool File: D0039545f00e0819a.SMDX-MailPure: Server Name: DH04X-MailPure: SMTP Sender: [EMAIL PROTECTED]X-MailPure: Received From: customer-webserver.example.com [###.###.###.###]X-MailPure: Country Chain: UNITED STATES-destinationX-MailPure: X-MailPure: Spam and virus blocking services provided by MailPure.comX-MailPure: X-MailPure: X-MailPure: FORGED
RE: [Declude.JunkMail] Problem loading filter
I believe all is needed here is to add a @ symbol in from of your domain in your .txt file Thus, @phobraun.com per Jessica's request -Keith -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Friday, April 15, 2005 11:12 AM To: Declude.JunkMail@declude.com Subject: [Declude.JunkMail] Problem loading filter Pro version of declude, and been awhile since I've made a filter, so maybe I am over looking something silly. global cfg file: stepDOMblockfromfile C:\IMail\Declude\Filters\stepDOMblock.txt x 5 0 In C:\IMail\Declude\Filters\ is a txt file named stepDOMblock.txt with the following line: phobraun.com per Jessica's request In that domains declude folder, is jessicah.junkmail with stepDOMblockDELETE Declude logs provide the following error: fromfile: Could not load C:\IMail\Declude\Filters\stepDOMblock.txt [123]. What am I missing here? -- [This E-mail scanned for viruses by Declude Virus] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Problem loading filter
I have burned by not having deselected Hide file extensions for known file types, thus my example.txt file was really example.txt.txt Could this be the case? Keith -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Friday, April 15, 2005 1:05 PM To: Declude.JunkMail@declude.com Subject: RE: [Declude.JunkMail] Problem loading filter the path is correct, the file name is correct, tried rebooting, still same error. Even went as far as renaming the test and the file and the adjusting the path accordingly.. same results. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Kevin Bilbee Sent: Friday, April 15, 2005 11:23 AM To: Declude.JunkMail@declude.com Subject: RE: [Declude.JunkMail] Problem loading filter I would double\tripple check to see if the path is correct to the filter file??? Kevin Bilbee -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of [EMAIL PROTECTED] Sent: Friday, April 15, 2005 8:48 AM To: Declude.JunkMail@declude.com Subject: RE: [Declude.JunkMail] Problem loading filter should there be a CR? Currently there is. Nothing else has the filter file open. I purposely did not add @ to the beginning of the domain because I don't want any mail from any current or future mail servers of theirs. As it is now, I will delete anything coming from anything related to phobraun.com. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Darin Cox Sent: Friday, April 15, 2005 10:37 AM To: Declude.JunkMail@declude.com Subject: Re: [Declude.JunkMail] Problem loading filter Is there a carriage return after the line in the stepDOMblock.txt file? Any chance something else has the file open and locked? Darin. - Original Message - From: [EMAIL PROTECTED] To: Declude.JunkMail@declude.com Sent: Friday, April 15, 2005 11:11 AM Subject: [Declude.JunkMail] Problem loading filter Pro version of declude, and been awhile since I've made a filter, so maybe I am over looking something silly. global cfg file: stepDOMblock fromfile C:\IMail\Declude\Filters\stepDOMblock.txt x 5 0 In C:\IMail\Declude\Filters\ is a txt file named stepDOMblock.txt with the following line: phobraun.com per Jessica's request In that domains declude folder, is jessicah.junkmail with stepDOMblock DELETE Declude logs provide the following error: fromfile: Could not load C:\IMail\Declude\Filters\stepDOMblock.txt [123]. What am I missing here? -- [This E-mail scanned for viruses by Declude Virus] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. -- [This E-mail scanned for viruses by Declude Virus] -- [This E-mail scanned for viruses by Declude Virus] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. -- [This E-mail scanned for viruses by Declude Virus] -- [This E-mail scanned for viruses by Declude Virus] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: Re[2]: [Declude.JunkMail] Huge reduction in hold queue
Heinrich, How are you determining your detection rates? Are you using a combination of certain tests or overall test percentages? Thanks for the time. Keith -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Heinrich Richter Sent: Friday, April 01, 2005 10:57 AM To: Declude.JunkMail@declude.com Subject: Re: Re[2]: [Declude.JunkMail] Huge reduction in hold queue Hello Darin, it seems that i got a lot of the mails you are missing ;-( Our volume increased about 25% last month and the number of SPAM increased about 64%. Our spam detection rate is about 98% and the overall spamrate has incresed from 40% to 50% last month. Heinrich - Original Message - From: Darin Cox [EMAIL PROTECTED] To: Declude.JunkMail@declude.com Sent: Friday, April 01, 2005 4:47 PM Subject: Re: Re[2]: [Declude.JunkMail] Huge reduction in hold queue Just as a followup, I have confirmed that we have had a 15%+ drop in incoming volume. If that is mostly spam, then that would indicate almost a 20% drop in spam. If most of that is in our hold range (about 40% of incoming spam ends up in our hold queue), then it could account for half or more of the drop in held spam. Also, we're definitely seeing a significant increase in detection rates for the tests listed below, so a lot less is ending up in our hold queue, despite raising the delete limit. Anyone else seeing a similar drop in incoming spam and an increase in detection rates for the tests listed below? Darin. - Original Message - From: Darin Cox [EMAIL PROTECTED] To: Declude.JunkMail@declude.com Sent: Thursday, March 31, 2005 10:56 AM Subject: Re: Re[2]: [Declude.JunkMail] Huge reduction in hold queue You know, I think was misleading/inaccurate in how I said it. I really meant accuracy, not detection rate. I was thinking detection rate as the number of messages detected as spam by the test that were actually spam, but I should have said accuracy. Sorry for the confusion...language is a funny thing... These are the best tests we run, in terms of catching the most spam, but they're not catching at the percentages below. There are others that are highly accurate as well, but these catch the most volume. My apologies again for the confusion. Darin. - Original Message - From: Pete McNeil [EMAIL PROTECTED] To: Darin Cox Declude.JunkMail@declude.com Sent: Thursday, March 31, 2005 10:36 AM Subject: Re[2]: [Declude.JunkMail] Huge reduction in hold queue On Thursday, March 31, 2005, 9:50:05 AM, Darin wrote: DC That is very significant, and could explain what I'm seeing. I'm going to DC increase my delete weight a bit for a while to make sure there are no high DC FPs. DC I do see the following detection rates from yesterday (3/30) DC AHBL 97.4% DC CBL 99.9% DC CSMA 97.1% DC CSMA-SBL 93.4% DC JAMMDNSBL 76.0% DC PSBL 96.9% DC SBL 99.5% DC SENDERDB-BL 96.4% DC SNIFFER 98.7% DC SPAMCOP 99.7% DC UCEPROTECT1 100% DC UCEPROTECT2 97.2% DC rates for all seem to have increased significantly over the past couple of DC days. WOW! That's weird. I do not show that at all and I've never seen those tests throw those kinds of numbers (except SNF looks about right): http://www.sortmonster.com/MDLP/MDLP-Example-Short.html For example (a quick spot check) - Data through last noon to midnight-- AHBL shows up at about 22% (21.8409) SPAMCOP shows up at about 64% (63.5114) UCEPROTECCMUL sows up at about 42% (41.6237) UCEPROTECRDO shows up at about 48% (48.0324) Long range data through last midnight-- AHBL shows up at about 16% (16.111) SPAMCOP shows up at about 62% (62.3942) UCEPROTECCMUL shows up at about 42% (41.7421) UCEPROTECRDO shows up at about 49% (48.6102) All in all these indicate nominal performance. Most likely there is something special about the mix of spam you are getting, something wrong with your reporting process, or something else going on that we haven't thought of. To be thorough I also checked some of the MDLP reports from other systems that are beta testing it. With few exceptions they show numbers similar to mine w/ regard to these tests. If I were you I would not make any substantive changes until I tracked down what was going on. No need to introduce additional variables by changing things ;-) DC BTW, I sent to the Junkmail in part so others could comment on DC other tests that may have significantly changed. It's all good :-) _M --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at
RE: [Declude.JunkMail] user settings
Darrell, I am going to have to test that. I asked Scott that same question about a year ago and he said it would shoot the entire email. I will give it a go. Keith Johnson -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Darrell ([EMAIL PROTECTED]) Sent: Wednesday, March 30, 2005 2:10 PM To: Declude.JunkMail@declude.com Subject: Re: [Declude.JunkMail] user settings Goran, No, it will actually delete the recipient and deliver to the other users. Darrell Check out http://www.invariantsystems.com for utilities for Declude And Imail. IMail/Declude Overflow Queue Monitoring, SURBL/URI integration, MRTG Integration, and Log Parsers. Goran Jovanovic writes: Darrell, Wouldn't this delete the mail for everyone in the recipient list? Goran Jovanovic The LAN Shoppe -Original Message- From: [EMAIL PROTECTED] [mailto:Declude.JunkMail- [EMAIL PROTECTED] On Behalf Of Darrell ([EMAIL PROTECTED]) Sent: Wednesday, March 30, 2005 1:18 PM To: Declude.JunkMail@declude.com Subject: Re: [Declude.JunkMail] user settings Roger, I am sure there are many ways, but this is how I do it. I have a filter file called OLDEMPLOYEE.TXT and inside the filter file I include lines like this ALLRECIPS 0 CONTAINS [EMAIL PROTECTED] I assign this filter a very high weight to ensure that it gets deleted. Darrell Check out http://www.invariantsystems.com for utilities for Declude And Imail. IMail/Declude Overflow Queue Monitoring, SURBL/URI integration, MRTG Integration, and Log Parsers. Schmeits, Roger writes: I have an email address that constantly get spam. The former owner is no longer with us. Currently Imail Declude are acting as a gateway to a back-end Imail and Exchange server. How does one go about killing this email address at the gateway level? Please note that we handle a couple different domains, mainly clarksoncollege.edu and one for the students and alumni members. Thanks. RS Check out http://www.invariantsystems.com for utilities for Declude And Imail. IMail/Declude Overflow Queue Monitoring, SURBL/URI integration, MRTG Integration, and Log Parsers. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] OT: RFC DNS Information
Does the following break in RFC compliance issues with servers required to accept email? Customer has proper PTR Records for IP, however, domain name is a private one, i.e. customer.localThanks for the aid. Denied Message Reads: Our mail system now 'requires' that your outgoing mail servers identify with a valid hostname. The only requirement is that it exist in DNS publicly. -Keith
RE: [Declude.JunkMail] OT: Windows 2003 Web Edition for a mail server
Title: Message Andrew, Not sure if this applies here, but here is Microsoft stance on Hyperthreading CPU's... Microsoft says...Per Processor LicensingFor currently available Microsoft servers products licensed on a per processor basis (e.g., Microsoft SQL Server, Microsoft BizTalk Server, Microsoft Content Management Server, etc.), one processor license for each physical processor on the server is required. Therefore, customers only need to acquire one processor license for each physical HTT even though the software may count one HTT as two logical processors. See the full deal at:http://www.microsoft.com/licensing/downloads/hyper_threading.doc Keith From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Colbeck, AndrewSent: Wednesday, February 02, 2005 3:16 PMTo: Declude.JunkMail@declude.comSubject: RE: [Declude.JunkMail] OT: Windows 2003 Web Edition for a mail server I've no comment to offer on the suitability of flavour of Windows 2003 for IMail, but I can comment on how the Hyperthreading is treated. On all Windows 2003 servers with hyperthreading enabled, you will see double the number of physical CPUs in the Task Manager, in the Device Manager, and in WinMSD. This lets applications see 4 CPUs on a dual server. However for thread scheduling and for licencing the OS, the HAL (Hardware Abstraction Layer) knows which ones are the physical CPUs and which are the virtual CPUs. Windows 2000 servers do not have that distinction, and Microsoft will not back-port the logic from W2K3 to W2K. W2K sees hyperthreading virtual CPUs as physical CPUs, so you would get into licencing issues if the number of CPUs exceeds your licence. You would also get into performance issues because Microsoft simply uses the first CPUs it sees and ignores the ones that exceed your licence; as the order of discovery is physical, virtual, physical, virtual... you end up using half physical and half virtual CPUs, when what you wantare only the CPUs that are physical to fit in your licence constraint. Therefore, if you have a licencing problem with W2K, either upgrade to W2K3 or turn off hyperthreading. Andrew 8) -Original Message-From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of MattSent: Wednesday, February 02, 2005 11:17 AMTo: Declude.JunkMail@declude.comSubject: [Declude.JunkMail] OT: Windows 2003 Web Edition for a mail serverAfter watching things run for a couple of weeks on Windows 2003 Server, I have concluded that my IMail/Declude setup is running +30% more efficiently than it did on Windows 2000. Because of this, I am thinking of getting rid of my Windows 2000 installations and replacing them with Windows 2003.I haven't noted much discussion around here regarding Windows 2003 Web Edition as a suitable host for IMail/Declude. From what I have read, I don't believe there are any limitations that would prevent this setup from running properly, though I'm not yet positive at this point. Here is a link to the matrix that Microsoft has published: http://www.microsoft.com/windowsserver2003/evaluation/features/compareeditions.mspxThe only thing that stands out is the limitations to 2-Way SMP whereas Standard Edition supports 4-Way SMP. I'm not sure if dual hyperthreaded processors are the equivalent of 2- or 4-Way SMP. Maybe someone could offer up some knowledge there. Even if so, the hyperthreading can be disabled, and I'm not convinced that having 4 processors/instances is beneficial to the environment.I also know that MS SQL server can't be run on Web Edition, but that isn't an issue here. All of the other things that it says it won't support are things that I would have disabled anyway.So does anyone here have any experience with Web Edition and the limitations, and have an opinion about whether or not this would work with an IMail/Declude setup (or for that matter another E-mail platform since IMail will soon enough be 86'd).Thanks,Matt-- = MailPure custom filters for Declude JunkMail Pro. http://www.mailpure.com/software/ =
RE: [Declude.JunkMail] [OT] Exchange2Alias Question
Scott, Works great, thanks for the tip. Ended up using a program called cpau that allows you to specify the password in the batch file since runas requires manual entry and Win 2003 scheduler couldn't validate user/pass during job setup. Again, thanks. Keith -Original Message- From: [EMAIL PROTECTED] on behalf of Scott Fosseen Sent: Thu 1/27/2005 5:54 PM To: Declude.JunkMail@declude.com Cc: Subject: Re: [Declude.JunkMail] [OT] Exchange2Alias Question You need to run the script with username/password of a user on the LDAP server. If you uses the Windows Scheduler it will ask for a username/password to run the program. Just create a local user on the box that runs the script with the same username/password as an account on the LDAP Server. To test the script from a command prompt you will need to run this command runas /netonly /user:domain/username cmd The runas program will ask for your password then open up a command window allowing you to run the script as if you are logged in as that user. _ Scott Fosseen - Systems Engineer -Prairie Lakes AEA http://fosseen.us/scott _ There are 10 types of people in this world, those that understand binary, and those that don't. _ - Original Message - From: Keith Johnson [EMAIL PROTECTED] To: Declude.JunkMail@declude.com Sent: Wednesday, January 26, 2005 5:32 PM Subject: RE: [Declude.JunkMail] [OT] Exchange2Alias Question Sandy, Thanks for your reply. I did use the LDAP Browser from Softerra (great tool by the way), it reports the RootDSE correctly during setup. What does an error of 0x80005000 indicate? Is this a permission error? When I use the Softerra utility, if I specify anonymous, then I do not see the Users container, however, if I specify the domain\user and a password, then I can get the full Users container. Is this by design? Thanks again for the aid. Keith -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Sanford Whiteman Sent: Wednesday, January 26, 2005 12:25 PM To: Keith Johnson Subject: Re: [Declude.JunkMail] [OT] Exchange2Alias Question I opened port 389 through a client firewall from our Imail Server (just in testing) and attempted to query their server using the exchange2alias script, however, it is returning the following error: ---Export Started--- C:\Documents and Settings\Administrator\Desktop\exchange2aliases.vbs(41, 1) (nul l): A referral was returned from the server. This indicates a mismatch between your search base and the domain hosted by that AD server. If you use LDAP Browser (www.softerra.com), is that search base shown up when you query the LDAP server's RootDSE while setting up the new profile? --Sandy Sanford Whiteman, Chief Technologist Broadleaf Systems, a division of Cypress Integrated Systems, Inc. e-mail: [EMAIL PROTECTED] SpamAssassin plugs into Declude! http://www.mailmage.com/products/software/freeutils/SPAMC32/download/rel ease/ Defuse Dictionary Attacks: Turn Exchange or IMail mailboxes into IMail Aliases! http://www.mailmage.com/products/software/freeutils/exchange2aliases/dow nload/release/ http://www.mailmage.com/products/software/freeutils/ldap2aliases/downloa d/release/ --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail scanned for viruses by Declude Virus on the server aea8.k12.ia.us
RE: [Declude.JunkMail] [OT] Exchange2Alias Question
Scott, Sweet, I knew there had to be a way to get this to fire, however, I was going at it via an LDAP param vs a simple Windows one. I will give it a try. Thanks again, will give it a try tomorrow. Keith -Original Message- From: [EMAIL PROTECTED] on behalf of Scott Fosseen Sent: Thu 1/27/2005 5:54 PM To: Declude.JunkMail@declude.com Cc: Subject: Re: [Declude.JunkMail] [OT] Exchange2Alias Question You need to run the script with username/password of a user on the LDAP server. If you uses the Windows Scheduler it will ask for a username/password to run the program. Just create a local user on the box that runs the script with the same username/password as an account on the LDAP Server. To test the script from a command prompt you will need to run this command runas /netonly /user:domain/username cmd The runas program will ask for your password then open up a command window allowing you to run the script as if you are logged in as that user. _ Scott Fosseen - Systems Engineer -Prairie Lakes AEA http://fosseen.us/scott _ There are 10 types of people in this world, those that understand binary, and those that don't. _ - Original Message - From: Keith Johnson [EMAIL PROTECTED] To: Declude.JunkMail@declude.com Sent: Wednesday, January 26, 2005 5:32 PM Subject: RE: [Declude.JunkMail] [OT] Exchange2Alias Question Sandy, Thanks for your reply. I did use the LDAP Browser from Softerra (great tool by the way), it reports the RootDSE correctly during setup. What does an error of 0x80005000 indicate? Is this a permission error? When I use the Softerra utility, if I specify anonymous, then I do not see the Users container, however, if I specify the domain\user and a password, then I can get the full Users container. Is this by design? Thanks again for the aid. Keith -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Sanford Whiteman Sent: Wednesday, January 26, 2005 12:25 PM To: Keith Johnson Subject: Re: [Declude.JunkMail] [OT] Exchange2Alias Question I opened port 389 through a client firewall from our Imail Server (just in testing) and attempted to query their server using the exchange2alias script, however, it is returning the following error: ---Export Started--- C:\Documents and Settings\Administrator\Desktop\exchange2aliases.vbs(41, 1) (nul l): A referral was returned from the server. This indicates a mismatch between your search base and the domain hosted by that AD server. If you use LDAP Browser (www.softerra.com), is that search base shown up when you query the LDAP server's RootDSE while setting up the new profile? --Sandy Sanford Whiteman, Chief Technologist Broadleaf Systems, a division of Cypress Integrated Systems, Inc. e-mail: [EMAIL PROTECTED] SpamAssassin plugs into Declude! http://www.mailmage.com/products/software/freeutils/SPAMC32/download/rel ease/ Defuse Dictionary Attacks: Turn Exchange or IMail mailboxes into IMail Aliases! http://www.mailmage.com/products/software/freeutils/exchange2aliases/dow nload/release/ http://www.mailmage.com/products/software/freeutils/ldap2aliases/downloa d/release/ --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail scanned for viruses by Declude Virus on the server aea8.k12.ia.us] --- [This E-mail scanned for viruses
RE: [Declude.JunkMail] [OT] Exchange2Alias Question
Sandy, Thanks for your reply. I did use the LDAP Browser from Softerra (great tool by the way), it reports the RootDSE correctly during setup. What does an error of 0x80005000 indicate? Is this a permission error? When I use the Softerra utility, if I specify anonymous, then I do not see the Users container, however, if I specify the domain\user and a password, then I can get the full Users container. Is this by design? Thanks again for the aid. Keith -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Sanford Whiteman Sent: Wednesday, January 26, 2005 12:25 PM To: Keith Johnson Subject: Re: [Declude.JunkMail] [OT] Exchange2Alias Question I opened port 389 through a client firewall from our Imail Server (just in testing) and attempted to query their server using the exchange2alias script, however, it is returning the following error: ---Export Started--- C:\Documents and Settings\Administrator\Desktop\exchange2aliases.vbs(41, 1) (nul l): A referral was returned from the server. This indicates a mismatch between your search base and the domain hosted by that AD server. If you use LDAP Browser (www.softerra.com), is that search base shown up when you query the LDAP server's RootDSE while setting up the new profile? --Sandy Sanford Whiteman, Chief Technologist Broadleaf Systems, a division of Cypress Integrated Systems, Inc. e-mail: [EMAIL PROTECTED] SpamAssassin plugs into Declude! http://www.mailmage.com/products/software/freeutils/SPAMC32/download/rel ease/ Defuse Dictionary Attacks: Turn Exchange or IMail mailboxes into IMail Aliases! http://www.mailmage.com/products/software/freeutils/exchange2aliases/dow nload/release/ http://www.mailmage.com/products/software/freeutils/ldap2aliases/downloa d/release/ --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] [OT] Exchange2Alias Question
I opened port 389 through a client firewall from our Imail Server (just in testing) and attempted to query their server using the exchange2alias script, however, it is returning the following error: ---Export Started--- C:\Documents and Settings\Administrator\Desktop\exchange2aliases.vbs(41, 1) (nul l): A referral was returned from the server. I did a netstat -an on their Exchange and see that I am connecting through to their server from my ip. The following is a sample of my string (company removed, with example in its place) C:\Documents and Settings\Administrator\Desktopcscript exchange2aliases.vbs example.com LDAP://out.side.ip.address/cn=Users,dc=example,dc=com example.com exch2alias.example.local Where 1st example.com is virtual domain in Imail Where dc=example,dc=com is actually FQDN for SMTP Where next example.com is main Exchange address Where exch2alias.example.local is additional Rec. Policy added (all users have as 2nd or 3rd address) Thanks for the aid. --- Keith Johnson --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] [OT] Exchange2Aliases - Nested OU's
Sandy, Along those lines, what is the proper way of going about ldap'ing 2 or more OU's in order to get all the email addresses. What I have been doing is calling the script 3 times (different scripts and params) and using the flag that removes all entries on the first pass only. However, I didn't know if there is a way to get them all in one line. Thanks again, this has saved a lot of CPU cycles as well as outbound connections. Keith -Original Message- From: [EMAIL PROTECTED] on behalf of Sanford Whiteman Sent: Tue 1/4/2005 2:29 AM To: Scott Fosseen Cc: Subject: Re: [Declude.JunkMail] [OT] Exchange2Aliases - Nested OU's If I enter 'ou=Tech Department,...' I get the message Object not found. . . As spaces are totally legit in LDAP without any escaping (except at the beginning or end of URIs--but who's going to do that on purpose?), the most correct reference in LDAP terms is to leave out all single/double quotes and just stick with the plain string: OU=Tech Department,OU=Admin Building,DC=example,DC=com However, there's an outstanding bug in exchange2aliases itself: it doesn't parse arguments with embedded spaces. Force-escaping the spaces themselves should help, though: OU=Tech\20Department,OU=Admin\20Building,DC=example,DC=com Note to anyone else who's listening: this will also solve the problem of grabbing mail-enabled public folders from the space-ridden system area: CN=Microsoft\20Exchange\20System\20Objects,DC=example,DC=com --Sandy Sanford Whiteman, Chief Technologist Broadleaf Systems, a division of Cypress Integrated Systems, Inc. e-mail: [EMAIL PROTECTED] SpamAssassin plugs into Declude! http://www.mailmage.com/products/software/freeutils/SPAMC32/download/release/ Defuse Dictionary Attacks: Turn Exchange or IMail mailboxes into IMail Aliases! http://www.mailmage.com/products/software/freeutils/exchange2aliases/download/release/ http://www.mailmage.com/products/software/freeutils/ldap2aliases/download/release/ --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. winmail.dat
RE: [Declude.JunkMail] [OT] exchange2aliases for dummies
We have a few customers with multiple OU's that contain employees (i.e. by Departments). Is there a way to include all the OU's on a single LDAP:// parameter line or do I need to just run it several times for each OU and not use the -nc flag except on the very first run. Thanks again, Keith --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] [OT] exchange2aliases for dummies
Andrew, Is the only lines you altered in Sandy's script were: cscript exchange2aliases.vbs storeforward.mydomain.com LDAP://10.192.0.1/cn=users,dc=bentall,dc=local mydomain.com mydomain.com Going for a test ride tomorrow. Thanks for the aid, Keith -Original Message- From: [EMAIL PROTECTED] on behalf of Colbeck, Andrew Sent: Sat 11/13/2004 11:04 PM To: '[EMAIL PROTECTED]' Cc: Subject: [Declude.JunkMail] [OT] exchange2aliases for dummies Sandy, I'm having problems in getting this working on a test machine. I'm missing some obvious step... Recap: My production environment is such that I run IMail+Declude as my gateway, in front of an Exchange 2000 environment, so I'm a good candidate for using your exchange2aliases script. We gateway a half dozen domains through the IMail gateway, and some of those have a relatively small userbase, so I'll start with testing one of those. In the production environment, the SMTP addresses for a user are [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED] etc. and not in the Active Directory, i.e. not something like [EMAIL PROTECTED] I installed a fresh copy of IMail v8.12 on the test machine. For the Official Host Name I chose the same as my production box, mail.bentall.com and it is listening on the local, non-routeable IP, which is the only IP on the test machine. I then added a host, gave it an Official Host Name of storeforward.mydomain.com and a Host Alias of mydomain.com and set it as a virtual host so that I wouldn't have to give it a unique IP. Then I added an entry to the test machine's hosts. file so that it knew that 192.168.116.100 is the IP for the internal Exchange 2000 that is our current gateway, e.g. 192.168.116.100 mydomain.com Then I set the log format to SYDMMDD.txt and turn on the Debug and Verbose options. Then I ran exchange2alias like so: cscript exchange2aliases.vbs storeforward.mydomain.com LDAP://10.192.0.1/cn=users,dc=bentall,dc=local mydomain.com mydomain.com I could then view all the lovely aliases in IMail. I then used a command line utility, postie, to send a simple message to that test IMail server, with a bogus to: address: postie -host:192.168.116.25 -to:[EMAIL PROTECTED] -from:[EMAIL PROTECTED] -s:This is the subject -msg:This is the body. -v:9 The message is refused. Joy! I then used a command line utility, postie, to send a simple message to that test IMail server, with a valid to: address: postie -host:192.168.116.25 -to:[EMAIL PROTECTED] -from:[EMAIL PROTECTED] -s:This is the subject -msg:This is the body. -v:9 The message is accepted (joy!), and the IMail log shows that it is queued, but also this: 11:13 19:24 SMTP-() Info - Adding Queue file C:\IMail\spool\Qcff500b70dc64580.SMD 11:13 19:24 SMTP-(cff500b70dc64580) processing C:\IMail\spool\Qcff500b70dc64580.SMD 11:13 19:24 SMTP-(cff500b70dc64580) ERR alias loop in [EMAIL PROTECTED] 11:13 19:24 SMTP-(cff500b70dc64580) finished C:\IMail\spool\Qcff500b70dc64580.SMD status=1 that there is an alias loop (boo!) and the message evaporates from the spool folder. I've spent a *lot* of time on this now with a multitude of combinations, and it's just not working. I've tried a real host IP, I've tried adding the host alias to the primary OHN that I had created for our default domain, and ... What am I missing!? Andrew 8) --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. winmail.dat
RE: [Declude.JunkMail] LOG Levels
Mark, I would grab V-Fileviewer, it opens large files in chunks, much faster. Opens 500MB files in seconds. http://www.fileviewer.com Keith -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mark E. Smith Sent: Thursday, November 04, 2004 3:56 PM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] LOG Levels We have 4 inbound equal MX servers each with 250-350 per day so we're about the same in net-net load. I started writing a log parsing program that will consolidate the logs and insert them into a central SQL database. That way I'll be able to do a query on a message and debug much easier. The problem right now is loading a 350mb (let alone 1.6GB) file with notepad. :) -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Glenn \ WCNet Sent: Thursday, November 04, 2004 3:24 PM To: [EMAIL PROTECTED] Subject: Re: [Declude.JunkMail] LOG Levels My Declude logs at HIGH range between 1.2 and 1.6 GIGABYTES. The log for 11/3 is 1,701,795 KB. - Original Message - From: Mark E. Smith [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Thursday, November 04, 2004 9:03 AM Subject: [Declude.JunkMail] LOG Levels I've always used LOGLEVEL HIGH on my systems but I'm reconsidering that these days since our logs are running 250mb - 350mb. I use a number of log reports (DLAnalyizer, etc) If I switch to LOGLEVEL MID will I lose anything in my log reporting utils? --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Question about Filters
Scott, Is there any size limitation (# of entries per file) imposed on fromfiles or the number or fromfiles you can have listed in the Global.cfg? Thanks, Keith -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of R. Scott Perry Sent: Tuesday, November 02, 2004 1:43 PM To: [EMAIL PROTECTED] Subject: Re: [Declude.JunkMail] Question about Filters After reviewing my Debug log, I found that the FromFiles are run first. Obviously, most email is spoofed and therefore will not show up, however, does Declude actually check fromfile for the mailfrom line or what it shows up as the X-Declude-Sender line? Both. The X-Declude-Sender: header displays the return address (MAIL FROM from the SMTP envelope), which is the same one that the fromfile test type (and anything else in Declude JunkMail) looks at. If it is indeed the X-Declude-Sender, it seems it would be benefical to move the domains from our filter files into fromfiles thus allowing for a reduction on CPU processing since they are run first (while using SKIPIFWEIGHT lines in filters). That sounds like it would work fine. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. This outgoing message is guaranteed to be authentic by Message Level users. Guarantee the authenticity of your email @ http://www.messagelevel.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Question about Filters
Can you use the SKIPIFWEIGHT and MAXWEIGHT in the fromfiles? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Keith Johnson Sent: Wednesday, November 03, 2004 2:38 PM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] Question about Filters Scott, Is there any size limitation (# of entries per file) imposed on fromfiles or the number or fromfiles you can have listed in the Global.cfg? Thanks, Keith -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of R. Scott Perry Sent: Tuesday, November 02, 2004 1:43 PM To: [EMAIL PROTECTED] Subject: Re: [Declude.JunkMail] Question about Filters After reviewing my Debug log, I found that the FromFiles are run first. Obviously, most email is spoofed and therefore will not show up, however, does Declude actually check fromfile for the mailfrom line or what it shows up as the X-Declude-Sender line? Both. The X-Declude-Sender: header displays the return address (MAIL FROM from the SMTP envelope), which is the same one that the fromfile test type (and anything else in Declude JunkMail) looks at. If it is indeed the X-Declude-Sender, it seems it would be benefical to move the domains from our filter files into fromfiles thus allowing for a reduction on CPU processing since they are run first (while using SKIPIFWEIGHT lines in filters). That sounds like it would work fine. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. This outgoing message is guaranteed to be authentic by Message Level users. Guarantee the authenticity of your email @ http://www.messagelevel.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] subjectchars
Anyone have an issue using gmail.com email that is fails the subjectchars test if you place more than one word in the subject line? Line reads: LONGSUBJsubjectchars60 * 0 0 Subject Line used: Test Me Keith --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] Question about Filters
After reviewing my Debug log, I found that the FromFiles are run first. Obviously, most email is spoofed and therefore will not show up, however, does Declude actually check fromfile for the mailfrom line or what it shows up as the X-Declude-Sender line? If it is indeed the X-Declude-Sender, it seems it would be benefical to move the domains from our filter files into fromfiles thus allowing for a reduction on CPU processing since they are run first (while using SKIPIFWEIGHT lines in filters). Thanks for the aid. --- Keith Johnson Senior Network Engineer Network Advocates, Inc. 9001 Shelbyville Road Burhans Hall, Suite 260 Louisville, KY 40228 TEL: 502.992.5928 FAX: 502.412.1058 --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] Hijack Question
Does Hijack work with WHITELIST AUTH that Junkmail sees in allowing email to passthru? For example, one of our customers AUTH to our server via their account, it will then not be scanned by Junkmail nor Hijack? Thanks for the time. --- Keith Johnson Senior Network Engineer Network Advocates, Inc. 9001 Shelbyville Road Burhans Hall, Suite 260 Louisville, KY 40228 TEL: 502.992.5928 FAX: 502.412.1058 --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Hijack Question
Also, I see where Hijack requires Deccon.exe. We run Win2000 SP4 and terminal service into the server for remote admin. Does deccon.exe only run on the console session? I read that when the threshhold2 value is reached, deccon is opened and once it is closed the flag will be reset? However, using term services on Win2000 SP4 does not allow connection to the console. Thanks for the aid. Keith -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Keith Johnson Sent: Monday, October 25, 2004 2:51 PM To: [EMAIL PROTECTED] Subject: [Declude.JunkMail] Hijack Question Does Hijack work with WHITELIST AUTH that Junkmail sees in allowing email to passthru? For example, one of our customers AUTH to our server via their account, it will then not be scanned by Junkmail nor Hijack? Thanks for the time. --- Keith Johnson Senior Network Engineer Network Advocates, Inc. 9001 Shelbyville Road Burhans Hall, Suite 260 Louisville, KY 40228 TEL: 502.992.5928 FAX: 502.412.1058 --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Hijack Question
Scott, (I apologize for the questions, just learning product, since no trial) With the below said, there is really no reason to login and close the deccon.exe via the Desktop unless there is an issue with it or something needs to be hard reset? Some of our customers have had DHA's lately and wanting to head this off, and Hijack seems like a good fit. What are most using as their Threshhold weights in an ISP type arena? Thanks again, Keith Close. The window is opened as soon as an E-mail arrives. If you close the window, the flags will be reset, and the window will be opened when the next E-mail arrive. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] Skipifweight question
Since the fromfiles are loaded first and weight assigned after it gets a hit, even before RBL's, can I use the skipifweight or STOPATFIRSTHIT option in the fromfiles? Thanks for the aid. Keith --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: Re[2]: [Declude.JunkMail] Filter file maintenance suggestion
Sanford, What type of CPU overhead do you experience with running SA/SPAMD with Declude? I saw the tech doc and it mentioned that it takes up 20MB of memory for each config file load in serial. Are you aware of anyone running this on machines pulling over 200K emails each day? Thanks for the aid. Keith -Original Message- From: [EMAIL PROTECTED] on behalf of Sanford Whiteman Sent: Wed 10/6/2004 6:52 PM To: Bill Landry Cc: Subject: Re[2]: [Declude.JunkMail] Filter file maintenance suggestion In the mean time, you can always setup a Linux mail gateway and use SpamAssassin, or use the Win32 version of SpamAssassin with DJM (see Sandy Whiteman's e-mail signature). Or both! You can run the SPAMD daemon on any platform, but have SPAMC32 query it from Declude Junkmail. Running SPAMD elsewhere will eliminate all the local RegEx resource utilization, and having SPAMC32 run within Declude should save you local resources vs. searching for SpamAssassin header tags on every Declude pass. SPAMC32 also lets you assign different weights to different SPAMD rulesets (different daemons) and more. [ Don't worry, I'll cool off the cheerleading the moment a lot of SPAMC32 support posts come in. :) ] --Sandy Sanford Whiteman, Chief Technologist Broadleaf Systems, a division of Cypress Integrated Systems, Inc. e-mail: [EMAIL PROTECTED] SpamAssassin plugs into Declude! http://www.mailmage.com/products/software/freeutils/SPAMC32/download/release/ Defuse Dictionary Attacks: Turn Exchange or IMail mailboxes into IMail Aliases! http://www.mailmage.com/products/software/freeutils/exchange2aliases/download/release/ http://www.mailmage.com/products/software/freeutils/ldap2aliases/download/release/ --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. winmail.dat
RE: [Declude.JunkMail] E-Mail to download v1.8
Jeff, I was able to get it via my account login at www.declude.com. Keith -Original Message- From: [EMAIL PROTECTED] on behalf of Jeff Maze Sent: Tue 9/28/2004 10:33 AM To: [EMAIL PROTECTED] Cc: Subject: [Declude.JunkMail] E-Mail to download v1.8 Hello, Just wanted to know if there's a place to download the latest .cfg files to handle the v1.8 additions. Or even an updated declude manual? Thanks.. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. winmail.dat
[Declude.JunkMail] domainwhitelists flag
Does the DOMAINWHITELISTS flag override the WHITELISTFILE entry that you can list in the per domain config file and is it required? Does it require the whitelist file to be named whitelist.txt? We have been running 1.79 for awhile, but noticed it in the Release notes, but been using WHITELISTFILE for a long time. Thanks for the aid. Per Release Notes: DOMAINWHITELISTS ON option, to allow for per-domain whitelist files at \IMail\Declude\example.com\whitelist.txt. Keith winmail.dat
RE: [Declude.JunkMail] Whitelister / Blacklister
Would love to have a look at it. Thanks for the offer. Keith -Original Message- From: [EMAIL PROTECTED] on behalf of Matt Goodhue Sent: Mon 9/20/2004 8:17 PM To: [EMAIL PROTECTED] Cc: Subject: RE: [Declude.JunkMail] Whitelister / Blacklister I would be very interested in these programs. Right now we do all this manually, it would be cool to have an automatic way. Can they run on a per domain setup, or just configured for a single domain? Thanks. Matt _ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Timothy L. Chandler Sent: Monday, September 20, 2004 8:16 PM To: [EMAIL PROTECTED] Subject: [Declude.JunkMail] Whitelister / Blacklister Hi everyone, I wrote a program we have been using at my company successfully for a while now. They are two visual basic executables a whitelister and a blacklister. To add a new whitelisted user to a whitelist file, one must simply set up a program alias and send an e-mail with an e-mail from the user attached, or the header info from the e-mail. I use Outlook and I simply send the e-mails as attachments to a new e-mail. The program parses the e-mail, skips the first from user name (yours obviously), and then processes all attachments for more from e-mail addresses, up to 25. For blacklisting, it parses the senders ip and adds to a blacklist. It is very convenient. Anybody interested in these programs? I could have Scott post them to the free web tools if anyone wants them Tim winmail.dat
[Declude.JunkMail] File Lock Issue
I am running Imail 8.13 with Declude 1.79i16 on Win2003 Server and any inbound email to our server receives the following message. If I email locally, I get good clean ldelivers. I checked my AV Scanners and they are not monitoring the server at all, have them disabled. Any suggestions would be great. Declude Junkmail Log Reports: Q4cb2000b01aeb4b0 WARNING: Could not unlock C:\IMail\spool\_4cb2000b01aeb4b0.~MD; it has been deleted. Imail SMTP Log Reports: (4cb70d00e10a) [E] lock file exists for C:\IMail\spool\Q4cb2000b01aeb4b0.SMD Keith
RE: [Declude.JunkMail] File Lock Issue
I apologize, to clarify the good clean ldelivers were shown while using Web Messaging, not SMTP. Thanks again for the aid. Keith -Original Message- From: [EMAIL PROTECTED] on behalf of Keith Johnson Sent: Sat 9/18/2004 11:00 AM To: [EMAIL PROTECTED] Cc: Subject: [Declude.JunkMail] File Lock Issue I am running Imail 8.13 with Declude 1.79i16 on Win2003 Server and any inbound email to our server receives the following message. If I email locally, I get good clean ldelivers. I checked my AV Scanners and they are not monitoring the server at all, have them disabled. Any suggestions would be great. Declude Junkmail Log Reports: Q4cb2000b01aeb4b0 WARNING: Could not unlock C:\IMail\spool\_4cb2000b01aeb4b0.~MD; it has been deleted. Imail SMTP Log Reports: (4cb70d00e10a) [E] lock file exists for C:\IMail\spool\Q4cb2000b01aeb4b0.SMD Keith NyuujjrxNrzujryjmrxjqy winmail.dat
RE: [Declude.JunkMail] File Lock Issue
I turned on Debug, this is what the Junkmail and Virus Log indicate: Junkmail: 09/18/2004 11:28:28.171 Q541a00110178b4b6 C:\IMail\spool\Q541a00110178b4b6.SMD 09/18/2004 11:28:28.171 Q541a00110178b4b6 Unlocked C:\IMail\spool\Q541a00110178b4b6.SMD. 09/18/2004 11:28:28 Q541a00110178b4b6 WARNING: Could not unlock C:\IMail\spool\_541a00110178b4b6.~MD; it has been deleted. 09/18/2004 11:28:28.171 Q541a00110178b4b6 Passing to SMTP3: C:\IMail\smtp32.exe C:\IMail\spool\Q541a00110178b4b6.SMD. Virus: 09/18/2004 11:28:26.828 Q541a00110178b4b6 Deleted C:\IMail\spool\D541a00110178b4b6.vir\0. 09/18/2004 11:28:26.828 Q541a00110178b4b6 report.txt 09/18/2004 11:28:26.828 Q541a00110178b4b6 Deleted C:\IMail\spool\D541a00110178b4b6.vir\report.txt. 09/18/2004 11:28:26.828 Q541a00110178b4b6 han=14a588 b=False 09/18/2004 11:28:26.828 Q541a00110178b4b6 Scanned: OK 09/18/2004 11:28:26.828 Q541a00110178b4b6 High code=0. 09/18/2004 11:28:26.828 Q541a00110178b4b6 AV returned 0 09/18/2004 11:28:28.171 Q541a00110178b4b6 About to pass off E-mail; daisychain set to smtp32.exe. 09/18/2004 11:28:28.171 Q541a00110178b4b6 Passing to SMTP3: C:\IMail\smtp32.exe C:\IMail\spool\Q541a00110178b4b6.SMD. Thanks, Keith -Original Message- From: Keith Johnson on behalf of Keith Johnson Sent: Sat 9/18/2004 11:20 AM To: [EMAIL PROTECTED] Cc: Subject: RE: [Declude.JunkMail] File Lock Issue I apologize, to clarify the good clean ldelivers were shown while using Web Messaging, not SMTP. Thanks again for the aid. Keith -Original Message- From: [EMAIL PROTECTED] on behalf of Keith Johnson Sent: Sat 9/18/2004 11:00 AM To: [EMAIL PROTECTED] Cc: Subject: [Declude.JunkMail] File Lock Issue I am running Imail 8.13 with Declude 1.79i16 on Win2003 Server and any inbound email to our server receives the following message. If I email locally, I get good clean ldelivers. I checked my AV Scanners and they are not monitoring the server at all, have them disabled. Any suggestions would be great. Declude Junkmail Log Reports: Q4cb2000b01aeb4b0 WARNING: Could not unlock C:\IMail\spool\_4cb2000b01aeb4b0.~MD; it has been deleted. Imail SMTP Log Reports: (4cb70d00e10a) [E] lock file exists for C:\IMail\spool\Q4cb2000b01aeb4b0.SMD Keith NyuujjrxNrzujryjmrxjqy winmail.dat
RE: [Declude.JunkMail] File Lock Issue
John, The retry timer is the default for Imail (every 30 min.). This is for every single SMTP message accepted by the server. Thanks for the aid. Keith -Original Message- From: [EMAIL PROTECTED] on behalf of John Tolmachoff (Lists) Sent: Sat 9/18/2004 11:59 AM To: [EMAIL PROTECTED] Cc: Subject: RE: [Declude.JunkMail] File Lock Issue What is the retry timer set for in Queue Manager? Is this happening on all messages? John Tolmachoff Engineer/Consultant/Owner eServices For You -Original Message- From: Keith Johnson [mailto:[EMAIL PROTECTED] On Behalf Of Keith Johnson Sent: Saturday, September 18, 2004 8:31 AM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] File Lock Issue I turned on Debug, this is what the Junkmail and Virus Log indicate: Junkmail: 09/18/2004 11:28:28.171 Q541a00110178b4b6 C:\IMail\spool\Q541a00110178b4b6.SMD 09/18/2004 11:28:28.171 Q541a00110178b4b6 Unlocked C:\IMail\spool\Q541a00110178b4b6.SMD. 09/18/2004 11:28:28 Q541a00110178b4b6 WARNING: Could not unlock C:\IMail\spool\_541a00110178b4b6.~MD; it has been deleted. 09/18/2004 11:28:28.171 Q541a00110178b4b6 Passing to SMTP3: C:\IMail\smtp32.exe C:\IMail\spool\Q541a00110178b4b6.SMD. Virus: 09/18/2004 11:28:26.828 Q541a00110178b4b6 Deleted C:\IMail\spool\D541a00110178b4b6.vir\0. 09/18/2004 11:28:26.828 Q541a00110178b4b6 report.txt 09/18/2004 11:28:26.828 Q541a00110178b4b6 Deleted C:\IMail\spool\D541a00110178b4b6.vir\report.txt. 09/18/2004 11:28:26.828 Q541a00110178b4b6 han=14a588 b=False 09/18/2004 11:28:26.828 Q541a00110178b4b6 Scanned: OK 09/18/2004 11:28:26.828 Q541a00110178b4b6 High code=0. 09/18/2004 11:28:26.828 Q541a00110178b4b6 AV returned 0 09/18/2004 11:28:28.171 Q541a00110178b4b6 About to pass off E-mail; daisychain set to smtp32.exe. 09/18/2004 11:28:28.171 Q541a00110178b4b6 Passing to SMTP3: C:\IMail\smtp32.exe C:\IMail\spool\Q541a00110178b4b6.SMD. Thanks, Keith -Original Message- From: Keith Johnson on behalf of Keith Johnson Sent: Sat 9/18/2004 11:20 AM To: [EMAIL PROTECTED] Cc: Subject: RE: [Declude.JunkMail] File Lock Issue I apologize, to clarify the good clean ldelivers were shown while using Web Messaging, not SMTP. Thanks again for the aid. Keith -Original Message- From: [EMAIL PROTECTED] on behalf of Keith Johnson Sent: Sat 9/18/2004 11:00 AM To: [EMAIL PROTECTED] Cc: Subject: [Declude.JunkMail] File Lock Issue I am running Imail 8.13 with Declude 1.79i16 on Win2003 Server and any inbound email to our server receives the following message. If I email locally, I get good clean ldelivers. I checked my AV Scanners and they are not monitoring the server at all, have them disabled. Any suggestions would be great. Declude Junkmail Log Reports: Q4cb2000b01aeb4b0 WARNING: Could not unlock C:\IMail\spool\_4cb2000b01aeb4b0.~MD; it has been deleted. Imail SMTP Log Reports: (4cb70d00e10a) [E] lock file exists for C:\IMail\spool\Q4cb2000b01aeb4b0.SMD Keith NyuujjrxNrzujryjmrxjqy winmail.dat
RE: [Declude.JunkMail] File Lock Issue
Bill, You are the man. I did have Alligate defined and it expired due to them not really adding enhan. for Declude. Sweet, I really appreciate it. Weird issue as Declude Log did not report that it failed on that test. Thanks again, Keith Keith, are you running any external tests? If so, confirm that their licenses have not expired. I ran into this problem with Alligate when its license had expired on one of my test servers (see attached e-mail). Bill winmail.dat
[Declude.JunkMail] Hijack Question
We currently have 6 versions of Declude (3 Servers with Junkmail and Virus), can I run a Hijack demo on each of the servers? If so, what is the term of the demo? Thanks for the aid. Keith Nf_ynub! 0u%dj)\jgr[xf)+-Nrz;uj)l^r[yjwmmr[x8^j!qy.i0f+r
RE: [Declude.JunkMail] External Test for Subject is Upper Case
Scott Fisher, I heard you mention once that you made a filter to catch Chinese characters in the subject, we have a few customers that get nailed by these often. Was wondering if you could share your thoughts. Thanks, Keith -Original Message- From: [EMAIL PROTECTED] on behalf of Scott Fisher Sent: Tue 8/24/2004 12:12 AM To: [EMAIL PROTECTED] Cc: Subject: [Declude.JunkMail] External Test for Subject is Upper Case I've made an external test to test if the Subject is all upper case (or punctuation). If anyone is interested, let me know and I'll e-mail you a copy. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. winmail.dat
[Declude.JunkMail] SPF Setup
We virtual host (as well as store/forward) for a lot of domains. It is a given to add SPF support, I need to setup records for the main IP and name of our servers. However, what about all the virtuals? Do I only need to setup SPF records for those domains that we actually host/control their DNS? We also have internal DNS servers for routing email (using BIND) between internally NAT'd servers, do I need to publish SPF records for those as well. Thanks for the clarify. Keith Johnson --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] SPF Setup
Scott, Awesome, thanks for the aid. Keith -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of R. Scott Perry Sent: Thursday, July 29, 2004 1:48 PM To: [EMAIL PROTECTED] Subject: Re: [Declude.JunkMail] SPF Setup We virtual host (as well as store/forward) for a lot of domains. It is a given to add SPF support, I need to setup records for the main IP and name of our servers. However, what about all the virtuals? SPF doesn't know or care whether a domain is virtual or real. So: Do I only need to setup SPF records for those domains that we actually host/control their DNS? That's up to you. You can publish SPF records for any/all of the domains that you control the DNS for (and your users can add SPF records themselves if you do not control the DNS). We also have internal DNS servers for routing email (using BIND) between internally NAT'd servers, do I need to publish SPF records for those as well. Thanks for the clarify. You don't need to publish SPF records for those, because SPF looks at the return address of the E-mail and compares it to the IP that the E-mail came from. You can only publish SPF records for domains, not mailservers. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] Outbound Footer - Store and Forward Domains
Is it possible for Declude to add a footer to an outbound email sent through the Imail Server for a customer who is using us to send outbound email. They would like us to scan their outbound email and then tag a 'scanned for viruses' footer to those emails. However, this should only be for this domain, no other domains affected. Using Declude Pro. Thanks, Keith --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Outbound Footer - Store and Forward Domains
Aww, great idea Scott, I will give it a road test. Thanks, Keith -Original Message- From: [EMAIL PROTECTED] on behalf of R. Scott Perry Sent: Tue 6/15/2004 5:34 PM To: [EMAIL PROTECTED] Cc: Subject: Re: [Declude.JunkMail] Outbound Footer - Store and Forward Domains Is it possible for Declude to add a footer to an outbound email sent through the Imail Server for a customer who is using us to send outbound email. They would like us to scan their outbound email and then tag a 'scanned for viruses' footer to those emails. However, this should only be for this domain, no other domains affected. Using Declude Pro. You could probably set up a filter, with a line MAILFROM 0 CONTAINS @example.com, and then use MYFILTER FOOTER [This E-mail is an outgoing E-mail from @example.com] in the global.cfg file. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. winmail.dat
RE: [Declude.JunkMail] Declude version 1.79 and Delog
Scott, Did the Msg Failed line under LOGLEVEL MID to report the individual line numbers that it failed in a filter test get moved to HIGH? Keith -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of R. Scott Perry Sent: Tuesday, June 01, 2004 12:50 PM To: [EMAIL PROTECTED] Subject: Re: [Declude.JunkMail] Declude version 1.79 and Delog I've noticed the logging problem as well and I do have LOGLEVEL MID in my global.cfg. That doesn't resolve the issue. Do you have the Msg failed lines in your log file? If not, then you should go to LOGLEVEL HIGH. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Declude version 1.79 and Delog
Scott, Thanks, we have been running along with MID since the beginning, all along, upgrading the interim releases. We just this week needed to know which line it failed on in one of our filter files. This is what we get now in our log. I will up to HIGH this week. Thanks, Qff4f4d2301429a89 BADHEADERS:8 SPAMHEADERS:8 FILTER-SUBJECT:9 FILTER-BODYURL:20 . Total weight = 45. 06/01/2004 00:00:24 Qff4f4d2301429a89 Subject: Indebted to your creditors? We can help 06/01/2004 00:00:24 Qff4f4d2301429a89 From: [EMAIL PROTECTED] To: XXX IP: 206.173.149.243 ID: 06/01/2004 00:00:24 Qff4f4d2301429a89 Tests failed [weight=45]: BADHEADERS=WARN IPNOTINMX=IGNORE SPAMHEADERS=WARN SNIFFER-NOTFND=IGNORE WEIGHT10=WARN WEIGHT20=SUBJECT FILTER-SUBJECT=IGNORE FILTER-BODYURL=IGNORE Keith -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of R. Scott Perry Sent: Tuesday, June 01, 2004 1:16 PM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] Declude version 1.79 and Delog Did the Msg Failed line under LOGLEVEL MID to report the individual line numbers that it failed in a filter test get moved to HIGH? With v1.78 and earlier, the Msg failed lines were at LOGLEVEL LOW. With v1.79 and later, they are at LOGLEVEL HIGH. I believe that the Msg failed lines for filter tests have always included the line number that triggered the filter. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] Whitelistfile
Scott, Can I point to two whitelistfile's in the per user config file for junkmail (i.e. to WHITELISTFILE entries on separate lines). For example, one to main corporate then a personal one. Thanks, Keith --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Acting as a gateway for domains on other servers
Samantha, We have had this type of setup in place for years, works great. We filter tons of email for Exchange, Domino, and other SMTP Servers. Let me know if I can give aid. Keith -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Bridges, Samantha Sent: Thursday, February 19, 2004 2:46 PM To: [EMAIL PROTECTED] Subject: [Declude.JunkMail] Acting as a gateway for domains on other servers Acting as a gateway for domains on other servers I know this works for Declude virus but will this work for filter spam too? I would suspect that it does but I didn't see it in the documentation. I host email for 11 of 21 school districts. The remaining 11 host their own email servers and I would like to filter their email through Imail/Declude. They want to host their own email servers... but would like to take advantage of both the virus and spam filtering offered by Imail/Declude. Does anyone have this kind of configuration in place? Any comments are appreciated. Samantha --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Acting as a gateway for domains on other servers
Samantha, I don't believe the rules.ima files would work due to there are no actually mailboxes stored on your Imail server in a Gateway config, thus it doesn't have any mailbox processing tied to it, i.e. rules files, storage. The beauty is, Declude setup in a per-domain config, will allow spam and virus filtering against those domains, you can even take it to the user level if necessary. Thus, you can configure Declude to tag spam, routeto another mailbox for spam lookups, etc. May take some work to transfer some of your rules.ima into Declude and let it do the work. Keith -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Bridges, Samantha Sent: Thursday, February 19, 2004 3:23 PM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] Acting as a gateway for domains on other servers Does this solution filter both spam and viruses? What about the rules via Imail...they don't run do they??? I user a lot of rules to block email and with this solution they could not take advantage of rules.ima, right? -Original Message- From: Keith Johnson [mailto:[EMAIL PROTECTED] Sent: Thursday, February 19, 2004 2:59 PM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] Acting as a gateway for domains on other servers Samantha, We have had this type of setup in place for years, works great. We filter tons of email for Exchange, Domino, and other SMTP Servers. Let me know if I can give aid. Keith -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Bridges, Samantha Sent: Thursday, February 19, 2004 2:46 PM To: [EMAIL PROTECTED] Subject: [Declude.JunkMail] Acting as a gateway for domains on other servers Acting as a gateway for domains on other servers I know this works for Declude virus but will this work for filter spam too? I would suspect that it does but I didn't see it in the documentation. I host email for 11 of 21 school districts. The remaining 11 host their own email servers and I would like to filter their email through Imail/Declude. They want to host their own email servers... but would like to take advantage of both the virus and spam filtering offered by Imail/Declude. Does anyone have this kind of configuration in place? Any comments are appreciated. Samantha --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] Line Issues
Scott, Are you aware of any issues related to filter files in which the log reports and weights against a line in the filter, however, it was the line below or above it that should have got triggered? For example, lets stay that line 39 states: BODY 5 contains @123example.com Line 40 states BODY 20 contains @domain.com If I look in the log, it shows that my filter got tripped at line 40, however if I search for line 40 in the email, it is not there, however, line 39 clearly was. The weight was assigned for line 40. It is as if from time to time, it picks the wrong line (in my case just 1 off). I am running 1.77beta. Hope this makes sense, thanks for the aid. Keith j)pjjyu+*7^V*m^r[yNfy^ %yj)fj)b b{.n+lzwZI[hfu%fvz %yj)Srzjmj)Zb(
RE: [Declude.JunkMail] Line Issues
Scott, Should I run the latest interim release to fix this issue? Just had a few upset customers, thanks, Keith -Original Message- From: [EMAIL PROTECTED] on behalf of R. Scott Perry Sent: Wed 2/11/2004 8:11 PM To: [EMAIL PROTECTED] Cc: Subject: Re: [Declude.JunkMail] Line Issues Are you aware of any issues related to filter files in which the log reports and weights against a line in the filter, however, it was the line below or above it that should have got triggered? For example, lets stay that line 39 states: BODY 5 contains @123example.com Line 40 states BODY 20 contains @domain.com If I look in the log, it shows that my filter got tripped at line 40, however if I search for line 40 in the email, it is not there, however, line 39 clearly was. The weight was assigned for line 40. It is as if from time to time, it picks the wrong line (in my case just 1 off). I am running 1.77beta. Hope this makes sense, thanks for the aid. Yes, that is possible under some circumstances. There was a previous version of Declude that could have the line numbers pretty far off, but they should be much more accurate now. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. winmail.dat
[Declude.JunkMail] Vacation Message Dilema
I have a few users on a domain who have a vacation in place. For those users, I have a Per-User Declude config that uses the MailBox function for the Weight20 test. Does the vacation message get triggered on the actually Main inbox or also sub mailboxes? What I am noticing is that when I check their vacation.snt file it lists a lot of addresses that went to the Sub Mailbox. This is causing a backlash of bounce messages back to my client due to when spam comes in a vacation message is sent out. Has anyone seen this? Keith --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] Option Request
Is it possible that in a Store/Forward scenario that when a WEIGHT20 test is reached to insert a X-Note in the Header, much like we take action with RouteTo or Mailbox? Thanks, Keith --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Option Request
John, Can this WARN have a specific custom Header line only applied to this domain? Keith -Original Message- From: John Tolmachoff (Lists) [mailto:[EMAIL PROTECTED] Sent: Wednesday, February 04, 2004 11:45 AM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] Option Request Use the action of WARN. John Tolmachoff Engineer/Consultant/Owner eServices For You -Original Message- From: [EMAIL PROTECTED] [mailto:Declude.JunkMail- [EMAIL PROTECTED] On Behalf Of Keith Johnson Sent: Wednesday, February 04, 2004 8:16 AM To: [EMAIL PROTECTED] Subject: [Declude.JunkMail] Option Request Is it possible that in a Store/Forward scenario that when a WEIGHT20 test is reached to insert a X-Note in the Header, much like we take action with RouteTo or Mailbox? Thanks, Keith --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Option Request
John, Thanks again, found it in the manual. Thanks for your time. Keith -Original Message- From: Keith Johnson Sent: Wednesday, February 04, 2004 12:02 PM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] Option Request John, Can this WARN have a specific custom Header line only applied to this domain? Keith -Original Message- From: John Tolmachoff (Lists) [mailto:[EMAIL PROTECTED] Sent: Wednesday, February 04, 2004 11:45 AM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] Option Request Use the action of WARN. John Tolmachoff Engineer/Consultant/Owner eServices For You -Original Message- From: [EMAIL PROTECTED] [mailto:Declude.JunkMail- [EMAIL PROTECTED] On Behalf Of Keith Johnson Sent: Wednesday, February 04, 2004 8:16 AM To: [EMAIL PROTECTED] Subject: [Declude.JunkMail] Option Request Is it possible that in a Store/Forward scenario that when a WEIGHT20 test is reached to insert a X-Note in the Header, much like we take action with RouteTo or Mailbox? Thanks, Keith --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] Log Error
I received the following error in the log file and subsequently the email did not ROUTETO although it was listed on the WEIGHT20 line, it went on to the main mailbox of the customer un-routed. Is there any reason for the Error? I checked the log and only had one other instance of this for the day. 02/04/2004 14:57:17 Q4e8f9b2b005cae1c Msg failed WEIGHT20 (Weight of 61 reaches or exceeds the limit of 20.). Action=ROUTETO. 02/04/2004 14:57:17 Q4e8f9b2b005cae1c ERROR: Could not open recip file F:\IMail\spool\_4e8f9b2b005cae1c.~MD [2] Thanks, Keith --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Log Error
Scott, Thanks for your aid, it is always appreciated. I passed a similar explanation on to our customer. I'll watch our logs for any patterns. Keith -Original Message- From: R. Scott Perry [mailto:[EMAIL PROTECTED] Sent: Wednesday, February 04, 2004 6:27 PM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] Log Error I am running 8.05hf1 and the 1.77beta of Declude (no interims). I just needed to give an explanation to one of our customers on this. There isn't an easy explanation. What I can give you is the very technical answer: Declude went to access the (locked) recipient file, but Windows reported that the file was not there. Determining how the file disappeared would be anywhere from difficult to impossible, depending on what happened (unless the problem repeats itself, in which case it could probably be traced). -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] OT- Getting a URL de-listed on AOL
Marc, I had great succes with the AOL Postmaster line at: 1.888.212.5537 I worked with a guy named, John Rardin, he fixed a few client issues in a timely fashion. I emailed him a few of the client emails and he was able to figure out why it was being blocked by them and in 1 case they removed it. Good Luck. Keith --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Mydoom.b
The most recent update today from F-Prot will catch it, just checked it in the virlist. Keith -Original Message- From: John Tolmachoff (Lists) [mailto:[EMAIL PROTECTED] Sent: Thursday, January 29, 2004 2:03 AM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] Mydoom.b It is not catching it. John Tolmachoff Engineer/Consultant/Owner eServices For You -Original Message- From: [EMAIL PROTECTED] [mailto:Declude.JunkMail- [EMAIL PROTECTED] On Behalf Of Jeff Kratka Sent: Wednesday, January 28, 2004 5:51 PM To: [EMAIL PROTECTED] Subject: [Declude.JunkMail] Mydoom.b When I have gone and checked my F-Prot to see if the most recent version of Mydoom is covered with the most recent virus definitions it only shows Mydoom.a in the virus list. Is there another way to find out if the definitions are fully up to date? I have the DOS version and it is update every couple of hours. Jeff Kratka * TymeWyse Internet P.O.Box 84 - 110 Ecklund St., Canyonville, OR 97417 tel/fax: (541) 839-6027 - [EMAIL PROTECTED] * --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] Log File
What would cause extra CR in the middle of a line in the Virus or Declude log files or incomplete line entries? We have a Parser that runs through to pull out info, however, at times it will encounter the above and have to skip the entries. Thanks for the info. Keith --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] DNS Warnings
Title: RE: [Declude.JunkMail] DNS Warnings Is there a way to have something we could take action on ifwhen Declude queries the DNS Server andlogs aWARNING SERVER FAILURE (i.e. HOLD, ROUTETO)? It seems in my testing, none of these domains that it got this for where legititmate (see below). Also, if Declude gets this back, it cancels processing of not only the DNS based tests, but also filters or external programs (i.e. Sniffer) according to the log. Thanks for the aid. Keith From: Keith Johnson Sent: Sunday, January 25, 2004 1:55 PMTo: [EMAIL PROTECTED]Subject: RE: [Declude.JunkMail] DNS Warnings Scott, I took some time and went through the log and found that the following was true on all the ones I checked (around 50) entries, the following examples were found using dnsreport.com about the Warnings: Getting MX record for mail3b-better-health.wsol8423.com... Received an NXDOMAIN response OR Getting MX record for atkingroup.co.uk... Received a response code of 2.This should be treated as an ERROR (per RFC974), and the E-mail delivery should PROBABLY be retried later I found 1 or 2 that did show an entry listed in dnsreport, however, I could not connect to them via telnet or nslookup's Keith -Original Message- From: R. Scott Perry [mailto:[EMAIL PROTECTED] Sent: Sun 1/25/2004 10:44 AM To: [EMAIL PROTECTED] Cc: Subject: RE: [Declude.JunkMail] DNS Warnings Thanks for the aid. I'm with you on the second point, I think our DNS server (Bind 8.4.3) attempted to verify the domain (all of them look spam in nature) and couldn't find an A or MX listed for them and returned back to Declude that warning.Actually, the "server failure" should indicate that your DNS server isbroken, so it definitely should *not* return the server failure unless itis broken, or *perhaps* if it receives a server failure from the remote DNSserver.Declude JunkMail is asking BIND if the domain has an MX or A record -- soif it returns a server failure when it should not, it is hurting your spamcontrol. -Scott---Declude JunkMail: The advanced anti-spam solution for IMail mailservers.Declude Virus: Catches known viruses and is the leader in mailservervulnerability detection.Find out what you've been missing: Ask about our free 30-day evaluation.---[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]---This E-mail came from the Declude.JunkMail mailing list. Tounsubscribe, just send an E-mail to [EMAIL PROTECTED], andtype "unsubscribe Declude.JunkMail". The archives can be foundat http://www.mail-archive.com.
[Declude.JunkMail] DNS Warnings
I noticed in our Declude Log (running MID) that we have numerous of the below message (different domains). Is this telling me that there was no MX or A record listed for the lookup domain? I pretty sure, however, just wanted to check, thanks for the aid. Keith WARNING: DNS server 10.10.50.31 returned a SERVER FAILURE error for MX or A for srvrdasdsmmkva06k.xp4y.net j)pjjyu+*7^V*m^r[yNfy^ %yj)fj)b b{.n+lzwZI[hfu%fvz %yj)Srzjmj)Zb(
RE: [Declude.JunkMail] DNS Warnings
Scott, Thanks for the aid. I'm with you on the second point, I think our DNS server (Bind 8.4.3) attempted to verify the domain (all of them look spam in nature) and couldn't find an A or MX listed for them and returned back to Declude that warning. I appreciate the speedy response, have a good weekend. Keith -Original Message- From: R. Scott Perry [mailto:[EMAIL PROTECTED] Sent: Sun 1/25/2004 9:28 AM To: [EMAIL PROTECTED] Cc: Subject: Re: [Declude.JunkMail] DNS Warnings I noticed in our Declude Log (running MID) that we have numerous of the below message (different domains). Is this telling me that there was no MX or A record listed for the lookup domain? I pretty sure, however, just wanted to check, thanks for the aid. It is saying that your DNS server reported a server failure - which technically means that *your* server failed. However, many DNS servers will return a server failure response when a remote DNS server returns a server failure. So the chances are that the remote DNS server is the one with the problem. Declude JunkMail will not fail the test if a server failure is returned. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you've been missing: Ask about our free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. winmail.dat
RE: [Declude.JunkMail] DNS Warnings
Scott, A took some time and went through the log and found that the following was true on all the ones I checked (around 50) entries, the following examples were found using dnsreport.com about the Warnings: Getting MX record for mail3b-better-health.wsol8423.com... Received an NXDOMAIN response OR Getting MX record for atkingroup.co.uk... Received a response code of 2. This should be treated as an ERROR (per RFC974), and the E-mail delivery should PROBABLY be retried later I found 1 or 2 that did show an entry listed in dnsreport, however, I could not connect to them via telnet or nslookup's Keith -Original Message- From: R. Scott Perry [mailto:[EMAIL PROTECTED] Sent: Sun 1/25/2004 10:44 AM To: [EMAIL PROTECTED] Cc: Subject: RE: [Declude.JunkMail] DNS Warnings Thanks for the aid. I'm with you on the second point, I think our DNS server (Bind 8.4.3) attempted to verify the domain (all of them look spam in nature) and couldn't find an A or MX listed for them and returned back to Declude that warning. Actually, the server failure should indicate that your DNS server is broken, so it definitely should *not* return the server failure unless it is broken, or *perhaps* if it receives a server failure from the remote DNS server. Declude JunkMail is asking BIND if the domain has an MX or A record -- so if it returns a server failure when it should not, it is hurting your spam control. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you've been missing: Ask about our free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. winmail.dat
RE: [Declude.JunkMail] DNS Warnings
Scott, I took some time and went through the log and found that the following was true on all the ones I checked (around 50) entries, the following examples were found using dnsreport.com about the Warnings: Getting MX record for mail3b-better-health.wsol8423.com... Received an NXDOMAIN response OR Getting MX record for atkingroup.co.uk... Received a response code of 2. This should be treated as an ERROR (per RFC974), and the E-mail delivery should PROBABLY be retried later I found 1 or 2 that did show an entry listed in dnsreport, however, I could not connect to them via telnet or nslookup's Keith -Original Message- From: R. Scott Perry [mailto:[EMAIL PROTECTED] Sent: Sun 1/25/2004 10:44 AM To: [EMAIL PROTECTED] Cc: Subject: RE: [Declude.JunkMail] DNS Warnings Thanks for the aid. I'm with you on the second point, I think our DNS server (Bind 8.4.3) attempted to verify the domain (all of them look spam in nature) and couldn't find an A or MX listed for them and returned back to Declude that warning. Actually, the server failure should indicate that your DNS server is broken, so it definitely should *not* return the server failure unless it is broken, or *perhaps* if it receives a server failure from the remote DNS server. Declude JunkMail is asking BIND if the domain has an MX or A record -- so if it returns a server failure when it should not, it is hurting your spam control. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you've been missing: Ask about our free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. Nf_ynub! 0u%dj)\jgr[xf)+-Nrz;uj)l^r[yjwmmr[x8^j!qy.i0f+r
[Declude.JunkMail] Clarification
We are giving our Declude filters an overhaul this week, adding in all the functionality of the new 'beta' tests and I wanted to ensure I am good on the following: Using Examples SKIPWEIGHT 70 MAXWEIGHT 60 MINWEIGHT 20 MAXWEIGHT: If during the run of the filter the weight associated with the filter reaches 60 then that one filter exits. MINWEIGHT: If during the run of the filter the weight associated with the filter is at 20 or below then that one filter exits. SKIPWEIGHT: Upon start of the filter if the total weight prior to entering the filter is 70 then that one filter will not run END: If an END is reached anywhere in any filter, it will exit any further Declude processing will END Thanks for the aid and time. Keith --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Clarification
Scott, Is there a test, in the works, that will end all processing of any further filters. Basically, exit all Declude processing, or is it best to use the SKIPWEIGHT, thanks, Keith -Original Message- From: R. Scott Perry [mailto:[EMAIL PROTECTED] Sent: Wednesday, January 21, 2004 10:44 AM To: [EMAIL PROTECTED] Subject: Re: [Declude.JunkMail] Clarification That is all correct (just one note to clarify, though: END will stop processing that one filter, but other tests will run). -Scott At 10:35 AM 1/21/2004, Keith Johnson wrote: We are giving our Declude filters an overhaul this week, adding in all the functionality of the new 'beta' tests and I wanted to ensure I am good on the following: Using Examples SKIPWEIGHT 70 MAXWEIGHT 60 MINWEIGHT 20 MAXWEIGHT: If during the run of the filter the weight associated with the filter reaches 60 then that one filter exits. MINWEIGHT: If during the run of the filter the weight associated with the filter is at 20 or below then that one filter exits. SKIPWEIGHT: Upon start of the filter if the total weight prior to entering the filter is 70 then that one filter will not run END: If an END is reached anywhere in any filter, it will exit any further Declude processing will END Thanks for the aid and time. Keith --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] New XBL from Spamhaus
I read the following on the Register. Does anyone know if we can include this into Declude? Thanks for the aid: Clip taken from: http://www.theregister.co.uk/content/55/34690.html However, Spamhaus plans to fight back. Yesterday, it released its Exploits Block List (XBL), a real-time DNS-based database of IP addresses of illegal 3rd party exploits, including open proxies, worms/viruses with built-in spam engines, and other types of trojan-horse exploits utilized by spammers. This list is designed to sit alongside the Spamhaus Block List (SBL), which blocks incoming spam from direct spam sources. The combination of SBL and XBL enables ISPs to safely reject a high volume of incoming spam outright, Spamhaus says. Keith winmail.dat
[Declude.JunkMail] Imail 8.05 Release
Scott, It looks as if IpSwitch may have fixed the issue in 8.05 that keeps Declude from being called. Taken from 8.05 Release Notes... o Queuemgr: Decreased the possibility that during a queue run the queuemgr might process files before a third party process locks the message. Keith --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Declude not taking action
Although this is not the same issue as Declude not getting called, I did want to bring it to everyones attention. For those of you that Store and Forward to other email servers, Imail 8.04 is having issues with removing body text from emails on the smtp rdeliver action to a remote server. I have tested it numerous times and have been able to reproduce it. Ipswitch is aware of it and acknowledges an issue and their dev. team is working to fix it. Keith winmail.dat
RE: [Declude.JunkMail] BODY STARTSWITH
Scott, For those of us that have had email (daily) skipping Declude calling would it be good for us to move up to the 1.76i27 to have that logged for you? Keith -Original Message- From: R. Scott Perry [mailto:[EMAIL PROTECTED] Sent: Tuesday, November 25, 2003 1:03 PM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] BODY STARTSWITH I know you are busy, but I need to ask. When can we expect that? You know the rule -- ask and ye shall receive. :) http://www.declude.com/release/176i/declude.exe has 1.76i27, which has this change in it. Note that this specific interim release will also record one log file entry to C:\Declude.log for each E-mail that is processed (to help prove that Declude.exe is being skipped on rare occasions with IMail 8.04). The next release will not include that log file entry. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you've been missing: Ask about our free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
FW: [Declude.JunkMail] Declude does not see email
Title: Re: [Declude.JunkMail] Declude does not see email Scott, This issue of Declude (1.76i and Imail 8.04)not seeing email has picked up tremendously in the past week or so. We are starting to see this a lot in our own email as well as our customers reporting it. It seems to be happening in both html and plain text formated emails. Is there anything I can do in my settings to aid this as I am fearful of viruses getting thru (more so than spam)? Thanks, Keith -Original Message- From: R. Scott Perry [mailto:[EMAIL PROTECTED] Sent: Fri 11/21/2003 12:10 PM To: [EMAIL PROTECTED] Cc: Subject: Re: [Declude.JunkMail] Declude does not see email I am curious to know if others are experiencing this as well.Daily I receive 3-4 spam that show no sign of Declude ever being ran.Searching the IMail log file shows the email arriving and the SPAM logfile for IMail shows an entry for the email but Declude does not show it.Are you running IMail v8? There seems to be a problem with IMail v8 whereit will occasionally "forget" to call Declude. We haven't been able toreproduce the problem, but from the log files that we have seen, it appearsthat Declude isn't even started. -Scott---Declude JunkMail: The advanced anti-spam solution for IMail mailservers.Declude Virus: Catches known viruses and is the leader in mailservervulnerability detection.Find out what you've been missing: Ask about our free 30-day evaluation.---[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]---This E-mail came from the Declude.JunkMail mailing list. Tounsubscribe, just send an E-mail to [EMAIL PROTECTED], andtype "unsubscribe Declude.JunkMail". The archives can be foundat http://www.mail-archive.com.
RE: [Declude.JunkMail] Declude does not see email
Title: Re: [Declude.JunkMail] Declude does not see email Kami, That is exactly what I am seeing, no record of it. It scares me that email is getting through our system for our customers, yet it is unscanned. We handle total of about 150K emails each day across two servers and we are seeing it on both. It seems like it just happened right after the 8.03 update, but got worse after the 8.04 update. Thanks, Keith From: Kami Razvan [mailto:[EMAIL PROTECTED] Sent: Monday, November 24, 2003 9:03 AMTo: [EMAIL PROTECTED]Subject: RE: [Declude.JunkMail] Declude does not see email Keith: Have you checked the virus logs? In our case no record of the email is seen in JM or Virus logs. It seems like when IMail gets done with it simply forgets Declude and delivers the email. So we are not scanning the email for virus ... Regards, Kami From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Keith JohnsonSent: Monday, November 24, 2003 8:42 AMTo: [EMAIL PROTECTED]Subject: FW: [Declude.JunkMail] Declude does not see email Scott, This issue of Declude (1.76i and Imail 8.04)not seeing email has picked up tremendously in the past week or so. We are starting to see this a lot in our own email as well as our customers reporting it. It seems to be happening in both html and plain text formated emails. Is there anything I can do in my settings to aid this as I am fearful of viruses getting thru (more so than spam)? Thanks, Keith -Original Message- From: R. Scott Perry [mailto:[EMAIL PROTECTED] Sent: Fri 11/21/2003 12:10 PM To: [EMAIL PROTECTED] Cc: Subject: Re: [Declude.JunkMail] Declude does not see email I am curious to know if others are experiencing this as well.Daily I receive 3-4 spam that show no sign of Declude ever being ran.Searching the IMail log file shows the email arriving and the SPAM logfile for IMail shows an entry for the email but Declude does not show it.Are you running IMail v8? There seems to be a problem with IMail v8 whereit will occasionally "forget" to call Declude. We haven't been able toreproduce the problem, but from the log files that we have seen, it appearsthat Declude isn't even started. -Scott---Declude JunkMail: The advanced anti-spam solution for IMail mailservers.Declude Virus: Catches known viruses and is the leader in mailservervulnerability detection.Find out what you've been missing: Ask about our free 30-day evaluation.---[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]---This E-mail came from the Declude.JunkMail mailing list. Tounsubscribe, just send an E-mail to [EMAIL PROTECTED], andtype "unsubscribe Declude.JunkMail". The archives can be foundat http://www.mail-archive.com.
[Declude.JunkMail] Store and Forward Question
Since Imail doesn't have a way to reject an email based on its size when a domain is setup in a Gateway scenario (i.e. store and forward), I thought I would post this to the Declude community. Does Declude JMPro have a way to bounce an email based upon its size? What we are seeing, is when an email comes in to Imail (Store and forward setup), Declude scans it for viruses and spam and then Imail attempts delivery to remote SMTP server. The remote SMTP server has restrictions placed upon acceptance, in that if the email is over 3mb in size, it will not accept. The remote server kindly tells our Imail server that it was rejected due to size restrictions (shows in syslog on Imail), however, Imail then bounces the email back to the sender as undeliverable, no notation that it failed due to size restrictions. I understand that the sending server doesn't connect directly with the remote server, however, there has to be a better way to get a 'size rejected notification' back to the original sender. Thanks for any aid. Keith --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] Strange Anomaly
We are running Declude JMPro Version 1.76i13. Most of our domains are setup using the Per Domain configuration, in those configs, we have setup ROUTETO statements to route their spam to a certain email address either local or remote. Since last Thursday (off and on before that), some spam email has been appearing in the SPAM folder in the Spool directory (although we do not send any spam to that folder). I just checked it and we had over a 1000 in there. I looked at the D* files and they show that these emails were sent to domains that had per domain setup configs. These domains have been setup and working for well over a year. We run Imail 8.04 on Windows 2000 SP4. Has anyone seen this. Also, we have started to see several emails that don't show any X information placed in them by Declude. We traced them in the Imail syslog and they show accepted and Q* assignment given with delivery. They arrive to the inbox of the users untouched by Declude (no header info inserted). Anyone seen this as well. Thanks for the aid, Keith --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Strange Anomaly
Does the Declude JunkMail log file show any information about the E-mail? There have been unconfirmed reports of IMail v8 skipping Declude processing that we are investigating I have a few emails saved that passed through Declude unscanned if they would be helpful. We are starting to see this every now and then. I'll look in the Declude log for the id. Thanks, Keith winmail.dat
[Declude.JunkMail] Declude w/Sniffer
We use both Declude (1.76beta) and Sniffer and both work great. However, we are are in the process of trying to run several Sniffer tests and take action on individual return codes rather than nonzero. It is my understanding that Declude will only call the Sniffer test once although numerous Sniffer tests are defined in the Global.cfg? Does this also mean that Declude will use the same amount of CPU and memory as if one single nonzero test was defined? Thanks for the aid, trying to make sure we don't max out our CPU utilization. Keith --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Missing Declude headers incorrect weights
I have also noticed today that it appears Declude JunkMail is no longer calculating weights correctly. If you upgrade to the latest interim release at http://www.declude.com/release/176i/declude.exe , it takes care of this issue. Wasn't actually expecting a response until tomorrow (Monday). Weights look accurate now. Thanks for the Sunday response and resolve! Scott, If you don't mind me asking, what interim release or full release did the above weighting issue affect? Thanks... Keith --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] What is this test?
Mike, The Easynet-Dyna test is an external ip4r DNS test setup in your global.cfg file. See the Declude link below to see further info on this. http://www.declude.com/Junkmail/support/ip4r.htm Keith -Original Message- From: Michael Graveen [mailto:[EMAIL PROTECTED] Sent: Thu 10/16/2003 10:14 PM To: [EMAIL PROTECTED] Cc: Subject: [Declude.JunkMail] What is this test? I have a client that has a domain that we host. They sent an email through the mail server and it failed the following tests: X-Spam-Tests-Failed: EASYNET-DYNA, IPNOTINMX [3] My question is, what is EASYNET-DYNA? I don't see it in the JunkMail manual. Thanks, Mike [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. winmail.dat
[Declude.JunkMail] JM handling of Aliases
We have a unique issue in that we have a customer that gets email to user-user (alias) that goes to an account called useruser (without the hyphen), both on our server, within same domain. When a spam email comes in addressed to the alias and other users within the same domain, it gets scanned by JMPro 1.76i2 and all emails but the alias email gets routed to a central spam holding container on the domain. The alias email gets delievered to the useruser main inbox. I have confirmed this in the log file via the ldeliver lines. If you look at the header, it does indeed fail the Weight20 test (we have a single default domain junkmail file listing WEIGHT20 ROUTETO [EMAIL PROTECTED]) Does Declude handle alias spam filtering any different that if it was sent to a main box? This one has me confused. Thanks for the aid. Running: JMPro 1.76i2 O/S: Windows 2000 SP4 Keith --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] JM handling of Aliases
Scott, Would you like the Declude Log or the Sys Log from IMail? This domain was setup as mail.domain.com in Imail and there is an alias on it for domain.com (transfer from another vendor Imail server), I have a Declude folder called mail.domain.com, however do I need one called domain.com for the alias side? Thanks, Keith -Original Message- From: R. Scott Perry [mailto:[EMAIL PROTECTED] Sent: Thu 10/2/2003 4:26 PM To: [EMAIL PROTECTED] Cc: Subject: Re: [Declude.JunkMail] JM handling of Aliases We have a unique issue in that we have a customer that gets email to user-user (alias) that goes to an account called useruser (without the hyphen), both on our server, within same domain. When a spam email comes in addressed to the alias and other users within the same domain, it gets scanned by JMPro 1.76i2 and all emails but the alias email gets routed to a central spam holding container on the domain. The alias email gets delievered to the useruser main inbox. What does the log file show for one of these E-mails? -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you've been missing: Ask about our free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. winmail.dat
RE: [Declude.JunkMail] JM handling of Aliases
For the alias, you'll need to use the domain that the alias resolves to. If it resolves to the official name of the domain (mail.domain.com), then you can use the same directory. But if you are using a different domain for the alias than the official name of the domain, then you would need to use a different directory (or, change the alias to use the official domain name, to keep things consistent). The setup is as follows: the official host name is mail.domain.com with an alias domain of domain.com There are numerous aliases and user accounts on this box. One of the aliases is: user-user that has a pointer to user I guess they did this due to the way Imail handles the hyphen on a regular box. An email is sent to the alias: [EMAIL PROTECTED] , which then points over [EMAIL PROTECTED] I have in the Declude folder a folder called mail.domain.com which has been working great since day 1, however this alias issue has just crept up. I see in the header that it failed all the appropriate tests, but got ldelivered to the main inbox of [EMAIL PROTECTED] I just put another folder called domain.com in the Declude folder to see if it will trigger it. However, I'm unsure why it won't work correctly the way it is since the official name is mail.domain.com and the alias domain is domain.com (the same name without the mail.). I'll send you the logs soon. Keith winmail.dat
[Declude.JunkMail] Understanding Return Codes
It seems recently a lot of good ip4r tests have ended due to spammer Denial of Service attacks. With that in mind, it has caused me to shuffle around and find some good tests. I noticed in the Global.cfg file of a few default tests commented out that have return codes listed as * , however in Declude's DNS-based spam database table (thanks Scott for posting) they may show up as 127.0.0.2 (i.e. DSBL), and I became a little confused. Also, some are listed as Various, in which case would lend me to think that we should use * , however, on the Declude Website the ip4r test of ORDB shows a return of *. I just wanted to get a sanity check on the proper use of return codes, especially if they list as Various. Also, if the show in the Global.cfg as *, yet on the Declude Website have a return code, should I replace the * with a code. Thanks for the time. Keith Johnson N¬f¢¬±ç_¢»â®ë±¼yÉnuåb®ë!¶Úÿ 0uç%¹¢dáÁj)\jg® àÞr[x§f¢)à+-N§²æìr¸z;¬¶u©¨¥¶¦j)l®÷^r[yÊjwm®±ÊâmàÞr[x§8^j·!÷¬q©Ûyú.Ûiÿü0Âf¢ª+Þr
[Declude.JunkMail] Is it possible
I have a strange request, however, I don't think it can be done. I have a store-and-forward domain (Exchange User) that would like for us to forward individual spam email to another location for each individual user. The catch is, they don't want to send us their individual user email addresses so that I can create a per-user junkmail file for them, this would cause double management. They have informed me that their last Spam provider ISP could do this with a store-and-forward domain. Declude does a great job of creating sub-folders on the fly for on the box Imail users, however, this is more on the fly creation of Imail main boxes, which to me is dangerous since spammers could send email to any ole' user. Any suggestions, thanks for the time. Keith --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] [IMail Forum] thank you, thank you, Verisign!! and BIND9 Veri sign-rape patch Verisign!! and BIND9 Veri sign-rape patch
Scott, If I add the new interim release, what does JM Pro do to an email it finds with this trigger? Do I need to add anything to the global.cfg file? Thanks for the aid. Keith -Original Message- From: R. Scott Perry [mailto:[EMAIL PROTECTED] Sent: Thursday, September 18, 2003 3:39 PM To: [EMAIL PROTECTED] Subject: Re: [Declude.JunkMail] [IMail Forum] thank you, thank you, Verisign!! and BIND9 Veri sign-rape patch Verisign!! and BIND9 Veri sign-rape patch Scott, I saw this posted to the IMail list, but have not seen anything announced on the JunkMail list about this interim release. I have downloaded v1.75i7, does this interim release mean I can remove all of the following entries from my global.cfg file: No. It only applies to the .com/.net issue. However, we are working on a new method that would automatically detect the wildcards, regardless of the TLD. Is there anything that needs to be set in the global.cfg to enable the detection of wildcard responses? No. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you've been missing: Ask about our free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Declude v1.75 bogs down the server
Scott, The DECODE OFF option; what would it not catch (i.e. Spam) had the option been turned on? I understand Base64, but what kind of HTML decoding? We have a server at capacity as well, but we are not adding anymore customers to it, however, at times the CPU is at 100% which causes the Web Messaging to be slow. However, I don't want to sacrifice not catching some spam either. Thanks for the info. Keith -Original Message- From: R. Scott Perry [mailto:[EMAIL PROTECTED] Sent: Fri 9/5/2003 5:45 PM To: [EMAIL PROTECTED] Cc: Subject: Re: [Declude.JunkMail] Declude v1.75 bogs down the server After upgrading from Declude v1.65 to v1.75 I noticed my Imail server taking quite a performance hit. After upgrading my CPU usage went from 50%-55% up to 98%-100%. Reverting back to v1.65 returned the CPU usage back to normal. I am running Imail version 7.07. The server is running NT4.0 SP 6A. The server is a dual Pentium 550 with 512k of ram and a raid 5. Has anyone else experienced this type of performance hit? Would Upgrading to Imail Version 8 or upgrading to Windows 2000 server help? If you were already at 50%-55%, you're close to the limits of the server. I would recommend adding a line DECODE OFF to the \IMail\Declude\global.cfg file to see if that alleviates the problem (that will prevent some base64 and HTML decoding that v1.75 does, that could use some extra CPU time). -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you have been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. winmail.dat
RE: [Declude.JunkMail] Declude failing openrelay test
Mishi, I am running 8.02 and 7.15HF2 with Relay for Addresses and Declude JM Pro 1.75i and I just ran the test and produced perfect results on both machines. It only reported 'Unknown User' and 'Not a local gateway', which is great. What relay setting are you running and version of Imail? Keith -Original Message- From: Mishi Saravi [mailto:[EMAIL PROTECTED] Sent: Thu 9/4/2003 7:20 AM To: [EMAIL PROTECTED] Cc: Subject: Re: [Declude.JunkMail] Declude failing openrelay test I am using the test for open relay at http://www.abuse.net/cgi-bin/relaytest on a machine running imail with declude and it is reporting the machine as openrelay. However the same test will report as no relay on a machine running imail without declude. Has any one run into this situation? Is it because declude that the machine is reporting as open relay? Many Thanks, Mishi winmail.dat
RE: [Declude.JunkMail] Declude failing openrelay test
Title: Message Mark, If you can, can you post a portion of the relaytest results or describe which test failed (remove your IP if necessary). Keith -Original Message-From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mark SmithSent: Thursday, September 04, 2003 8:49 AMTo: [EMAIL PROTECTED]Subject: RE: [Declude.JunkMail] Declude failing openrelay test I just have "Relay for Addresses" I include my local Internal DMZ's subnet so I can relay off of various ASP scripts, etc. All of my users must authenticate in order to relay. -Original Message-From: Keith Johnson [mailto:[EMAIL PROTECTED] On Behalf Of Keith JohnsonSent: Thursday, September 04, 2003 8:34 AMTo: [EMAIL PROTECTED]Subject: RE: [Declude.JunkMail] Declude failing openrelay test Mishi, I am running 8.02 and 7.15HF2with "Relay for Addresses" and Declude JM Pro 1.75i and I just ran the test and produced perfect results on both machines. It only reported 'Unknown User' and 'Not a local gateway', which is great. What relay setting are you running and version of Imail? Keith -Original Message- From: Mishi Saravi [mailto:[EMAIL PROTECTED] Sent: Thu 9/4/2003 7:20 AM To: [EMAIL PROTECTED] Cc: Subject: Re: [Declude.JunkMail] Declude failing openrelay test I am using the test for open relay at http://www.abuse.net/cgi-bin/relaytest on a machine running imail with declude and it is reporting the machine as openrelay. However the same test will report as no relay on a machine running imail without declude. Has any one run into this situation? Is it because declude that the machine is reporting as open relay? Many Thanks, Mishi
[Declude.JunkMail] Need aid on Declude Header rule
I have a customer who only wants to get email to a list of valid employees, no one else (i.e. ex-employees). However, the list of ex-employees is too long for him to come up with, thus he gave me the list of valids. I looked, but I don't think Declude has a HEADER tag called DOESNOT CONTAIN, does anyone have any suggestions. Thanks for the aid. Keith --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Need aid on Declude Header rule
Scott, The problem with using the CONTAINS is that I would have to have a list of the ex-employees and the only list he can put together is the good employees. Thus if I used the CONTAINS I would be hitting good employee email. Any other suggestions, thanks for your time. Keith What you could try is a filter using CONTAINS, and then give the test a negative weight (perhaps a weight of -1000). --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Need aid on Declude Header rule
Karen, My bad, I failed to mention this is a Store and Forward domain... Keith -Original Message- From: Karen D. Oland [mailto:[EMAIL PROTECTED] Sent: Tuesday, September 02, 2003 12:07 PM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] Need aid on Declude Header rule Delete the nobody alias. Then, only valid email in his domain will be accepted. Delete all old employees not on the list of valid names you just received from the domain. -Original Message- From: Keith Johnson The problem with using the CONTAINS is that I would have to have a list of the ex-employees and the only list he can put together is the good employees. Thus if I used the CONTAINS I would be hitting good employee email. Any other suggestions, thanks for your time. --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Need aid on Declude Header rule
Scott, SWEET, that is a great idea, I'll give it a go, you are the man. Keith Johnson CONTAINS *would* work in this way. For example: HEADERS -1000 CONTAINS [EMAIL PROTECTED] HEADERS -1000 CONTAINS [EMAIL PROTECTED] ... In this case, an E-mail with [EMAIL PROTECTED] in the headers would always receive a weight less than 0. You can then create a WEIGHT0 test that would delete all E-mail with a weight of 0 or higher. -Scott --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Need aid on Declude Header rule
Scott, I spoke to soon. If I use the weighting method, it hurts my ability to use the Weight system to guard them against Spam. Your thoughts... Keith -Original Message- From: Keith Johnson Sent: Tue 9/2/2003 1:27 PM To: [EMAIL PROTECTED] Cc: Subject: RE: [Declude.JunkMail] Need aid on Declude Header rule Scott, SWEET, that is a great idea, I'll give it a go, you are the man. Keith Johnson CONTAINS *would* work in this way. For example: HEADERS -1000 CONTAINS [EMAIL PROTECTED] HEADERS -1000 CONTAINS [EMAIL PROTECTED] ... In this case, an E-mail with [EMAIL PROTECTED] in the headers would always receive a weight less than 0. You can then create a WEIGHT0 test that would delete all E-mail with a weight of 0 or higher. -Scott --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. winmail.dat
RE: [Declude.JunkMail] Need aid on Declude Header rule
Scott, Since we house mulitple domains (using spam filtering) and this filter test is used in the Global file it seems it would fail every other domain email (i.e. 1000 weight) that we house on the same box?! Is there a way to only define it for use in the default config file for that domain (we have the pro version), thus not be used for other domains? Thanks again for the aid. Keith -Original Message- From: R. Scott Perry [mailto:[EMAIL PROTECTED] Sent: Tue 9/2/2003 6:41 PM To: [EMAIL PROTECTED] Cc: Subject: RE: [Declude.JunkMail] Need aid on Declude Header rule I spoke to soon. If I use the weighting method, it hurts my ability to use the Weight system to guard them against Spam. Your thoughts... Ah, I see. In that case, you can have the same filter, but instead of having it defined as MYFILTER filter C:\IMail\Declude\myfilter.txt x -1000 0, you could define it as MYFILTER filter C:\IMail\Declude\myfilter.txt x 0 1000. That way, any E-mail that triggers the filter will have the regular spam control enabled, but any E-mail that does *not* trigger the filter (E-mail not to current employees) will have a weight of at least 1000. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you have been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. winmail.dat