RE: [Declude.JunkMail] No one at Declude?
Ours went down as well this morning. Declude stopped processing with a licensing error. I have left several phone messages. Todd From: "Nick Hayer" Sent: Wednesday, April 17, 2013 10:47 AM To: Declude.JunkMail@declude.com Subject: RE: [Declude.JunkMail] No one at Declude? Thanks David for the vote of confidence. Who do we contact at Declude for customer support? They seem to be radio silent for now - at least on this list. Thank you -Nick MadRiverAccess.com|Skywaves.net Tech Support US/Canada 877-873-6482 or International +1-802-229-6574 Emergency Support 24/7: supp...@skywaves.net General and Non-Emergency support ticket: http://www.skywaves.net/content/secure/support_ticket.htm From: "David Barker" Sent: Wednesday, April 17, 2013 11:35 AM To: Declude.JunkMail@declude.com Subject: RE: [Declude.JunkMail] No one at Declude? Just my 2c - users do not need to abandon the Declude product. Declude still has tremendous value, hijack, routing email, rules etc all you need is a way to keep Declude running and support which MBF can help you do. The solution to this tragedy is Declude+Message Sniffer. David Barker Mail's Best Friend Email : david.bar...@mailsbestfriend.com Web : www.mailsbestfriend.com -Original Message- From: Pete McNeil [mailto:madscient...@microneil.com] Sent: Wednesday, April 17, 2013 11:24 AM To: Declude.JunkMail@declude.com Subject: Re: [Declude.JunkMail] No one at Declude? On 2013-04-17 11:11, John Doyle wrote: > You also should go to message sniffer and email them for help on > getting message sniffer to run standalone. Message Sniffer can run standalone on both IMail and SmarterMail. On IMail, use the MINIMI (minimal IMail Shim) plugin: http://www.armresearch.com/support/articles/installation/minimiImail.jsp On Smarter Mail run SNFClient as a command line scanner: http://www.armresearch.com/support/qa/integration/smarterMail.jsp _M -- Pete McNeil, President MicroNeil Research Corporation www.microneil.com 703.779.4909 x7010 twitter/codedweller --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to imail...@declude.com, and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to imail...@declude.com, and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to imail...@declude.com, and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to imail...@declude.com, and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] No one at Declude?
Hi John - Thanks - I actually talked with Linda on Monday afternoon and she got me set "back up" with a working installation of Declude. What about you? Todd __ Todd Richards Director of Technology National Network, LLC. Email: to...@nnepa.com Toll Free: 800.638.8681 Fax: 800.638.8681 -Original Message- From: John Doyle [mailto:jdo...@spicehunter.com] Sent: Wednesday, April 17, 2013 10:11 AM To: Declude.JunkMail@declude.com Subject: RE: [Declude.JunkMail] No one at Declude? Todd It appears that there is no one at Declude The server that handles this apparently is down and has been for a week or so. Go to mail list archive using the link below Go to the spam version of declude and sort the messages by date Go back a week or so and read the threads There is some contact info for getting help You also should go to message sniffer and email them for help on getting message sniffer to run standalone. John -Original Message- From: SM Admin [mailto:imailad...@bcwebhost.net] Sent: Tuesday, April 16, 2013 11:43 PM To: Declude.JunkMail@declude.com Subject: Re: [Declude.JunkMail] No one at Declude? Apparently I was too quick on the draw as this line has since been added to the diag file: 04/16/2013 22:24:21.947 [BB86F9-606322-C04138-958B5A-AB7343-94F75B] IS INVALID KEY Did someone say something about new keys? -Original Message- From: SM Admin Sent: Tuesday, April 16, 2013 10:25 PM To: Declude.JunkMail@declude.com Subject: Re: [Declude.JunkMail] No one at Declude? I noticed today that Declude wasn't processing. I checked the diag file and it has the usual entries at the top plus an entry at the bottom saying that the Sniffer license is invalid. How is that? So then I restarted the Declud service and now the diag file only shows this: Declude 4.12.02 Diagnostics Compilation Platform: SmarterMail Copyright (c) 2000-2013 Declude, Inc. Host Name mail1.bcwebhost.net Declude Key So I have no idea what's going on. Anyone? -Original Message- From: Brian Baker Sent: Tuesday, April 16, 2013 7:09 PM To: Declude.JunkMail@declude.com Subject: Re: [Declude.JunkMail] No one at Declude? Looks like tonight we better figure out a new approach. My declude diag file is now reading declude lic as invalid. Anyone else? - Original Message - From: "Todd Richards" To: Sent: Monday, April 15, 2013 9:34 AM Subject: RE: [Declude.JunkMail] No one at Declude? What system is that? Our users are getting hammered with spam. Reminds me of the days, many years ago, before I happened upon Declude... Todd -Original Message- On Sunday, April 14, 2013 10:24 PM, John Doyle wrote: >>I have reverted to a system that works. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to imail...@declude.com, and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to imail...@declude.com, and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to imail...@declude.com, and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to imail...@declude.com, and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to imail...@declude.com, and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to imail...@declude.com, and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] No one at Declude?
What system is that? Our users are getting hammered with spam. Reminds me of the days, many years ago, before I happened upon Declude... Todd -Original Message- On Sunday, April 14, 2013 10:24 PM, John Doyle wrote: >>I have reverted to a system that works. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to imail...@declude.com, and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] Has time stood still?
Well it's now 2012 and time to look through my filter since a lot more spam is getting through these days. Frankly I am more than a little put off by Declude. We have been loyal paying customers since the 1990s and I am just dumbfounded that there has been no significant devolpment in the product in years. When I say that I mean that after all these years it is little more than it was 5 - 7 years ago. While the world has marched on we still have no 1. GUI 2. Declude developed Blacklist 3. Declude Spam database such as DCC, Razor, Comtouch etc(sure the can sell you someone elses) 4. Bayes filtering 5. Any real polished spam solution other that the rough framework its been for 10 years. And now I get emails from Declude telling me what I knew already; that they have once again ignored us and developed Declude Navigator to COMPETE with us. So they have a totally new product with an interface that reportedly filters 99% of spam, but they have told us for years they cant put a ui Declude? I understand business changes and companies must move on. But we have been paying for over 10 years and waiting for Declude, and now our money has gone into a competing product rather than delivering a better one to their existing loyal customers. That said after all these years we will not be renewing. I mean why should we? We can use the existing framework as is since it's had no significant updates until we find another solution. After all these years I really cannot express how disappointed I am. Sincerely, Todd Hunter --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to imail...@declude.com, and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Pakistan Messages
Hi Linda - Thanks - sending them over now. Todd -Original Message- From: Linda Pagillo [mailto:lpagi...@declude.com] Sent: Tuesday, May 08, 2012 2:44 PM To: Declude.JunkMail@declude.com Subject: RE: [Declude.JunkMail] Pakistan Messages Hi Todd. Could you please send me a few headers from these messages along with a copy of your global.cfg and diags.txt file? Please send it to supp...@declude.com . Thanks! Linda Pagillo Declude Technical Support Engineer 866-332-5833 Ext. 2 lpagi...@declude.com -Original Message- From: Todd Richards [mailto:to...@nnepa.com] Sent: Tuesday, May 08, 2012 3:33 PM To: Declude.JunkMail@declude.com Subject: [Declude.JunkMail] Pakistan Messages Hi All – We have a client who is getting Pakistan messages early every morning like clockwork. They are coming through Google Groups, and are passing the Declude tests with flying colors. Has anyone else seen these, and if so, any ideas on how to block them? Thanks! Todd --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to imail...@declude.com, and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to imail...@declude.com, and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to imail...@declude.com, and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] Pakistan Messages
Hi All We have a client who is getting Pakistan messages early every morning like clockwork. They are coming through Google Groups, and are passing the Declude tests with flying colors. Has anyone else seen these, and if so, any ideas on how to block them? Thanks! Todd --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to imail...@declude.com, and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Stop processing before virus check
Hi David - Actually, I already had that line, which is what got me wondering if I was missing something else. Todd -Original Message- From: David Barker [mailto:dbar...@declude.com] Sent: Sunday, August 07, 2011 5:16 PM To: Declude.JunkMail@declude.com Subject: RE: [Declude.JunkMail] Stop processing before virus check Change the order in which JunkMail and Declude EVA scan. Use the following line in your virus.cfg AVAFTERJM ON -Original Message- From: Todd Richards [mailto:to...@nnepa.com] Sent: Sunday, August 07, 2011 3:15 PM To: Declude.JunkMail@declude.com Subject: [Declude.JunkMail] Stop processing before virus check When the system detects a virus, it quarantines them and puts them in my virus folder for review. When I review them I notice that they completely failed the junk mail settings and should have been deleted. However, they are still getting scanned for viruses, held for review, which triggers an alert to me so I can go and see what is there. Is there something that I should have in my config files to tell it to stop processing everything once it reaches my "delete" threshold - currently set at 30 - and really delete it? Thanks! Todd --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to imail...@declude.com, and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to imail...@declude.com, and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to imail...@declude.com, and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] Stop processing before virus check
When the system detects a virus, it quarantines them and puts them in my virus folder for review. When I review them I notice that they completely failed the junk mail settings and should have been deleted. However, they are still getting scanned for viruses, held for review, which triggers an alert to me so I can go and see what is there. Is there something that I should have in my config files to tell it to stop processing everything once it reaches my "delete" threshold - currently set at 30 - and really delete it? Thanks! Todd --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to imail...@declude.com, and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Time to upgrade and to what?
Hey Ben – If you haven’t already, you can download a trial of SmarterMail to give you a hands on feel for how the interface works, from the system administrator to a domain administrator to an end user. I can’t speak to the latest version of SmarterMail as we are still running 6.9xx (we have a current subscription but never felt the need yet to upgrade – probably will soon), nor can I offer a good comparison, since we were still on IMail 8.2x when we made the change. There were three main reasons we made the switch: cost, a much improved web interface from our IMail 8.2x version, and the massive number of positive recommendations about switching to SM. Like the others, we have never looked back. We too were on the unlimited version of IMail, but are on a 1000 user version of SmarterMail. That has proved plenty for us at this point. The nice thing is, if we need more then we add them on. We are heavy users of the Mailing Lists in SmarterMail. I like the fact that we can manage subscribers separate from lists. Our main domain (the one that I am on) currently has almost 70 mailing lists. It’s great that, via the web interface, we can add a single subscriber to multiple lists. We can also go into the individual lists and manage subscribers as well. You can add your own custom fields to the subscriber screens if you want to track Name, City, Company Name, etc. It also has the ability to remove a user from the lists if they have a certain number of bounces. While that feature was nice, we actually increased it (maybe even turned it off – can’t remember for sure without going and looking) because it would remove someone and nobody ever knew about it. There were requests about maybe alerting the administrator of such a change, or disabling a user versus removing them, etc. I’m just not sure whether that part has been upgraded. Again, we are on SmarterMail 6.9 but I don’t think the rest of it has changed that much. The one thing that I didn’t like about the mailing lists is that we had an ASP page with all of the options that people could subscribe to. At the end, when they hit submit, it would fire off an email to IMail and subscribe (or unsubscribe) them from all of their choices in one swoop. SmarterMail didn’t handle things that way, and would simply make the change for the first option but ignore the rest of them. We weren’t aware of that at first and had people think they were making changes but they really weren’t. SmarterMail does offer the ability to tie web pages to the mail server using SOAP, etc. But I don’t know it and haven’t had the time to make the changeover. Todd From: Imail Admin [mailto:imailad...@bcwebhost.net] Sent: Monday, June 06, 2011 6:12 PM To: Declude.JunkMail@declude.com Subject: Re: [Declude.JunkMail] Time to upgrade and to what? I guess my three areas on concern would be how IM and SM compare in their web mail interface, how they compare in administration, and how they compare in list server. We make pretty modest use of the IM list server (which is pretty primitive), but I would hate to give it up altogether. Thanks for any comments, Ben - Original Message - From: Heimir Eidskrem <mailto:decl...@i360.net> To: Declude.JunkMail@declude.com Sent: Monday, June 06, 2011 1:41 PM Subject: Re: [Declude.JunkMail] Time to upgrade and to what? We dumped Imail after being with them since version 4 I think. Moved to Smartermail and never looked back. Our customers really like SM and we have nothing but positive feedback. the transition was easy with the migration tools from SM. I would do it again with no hesitation. On 6/1/2011 9:09 PM, Imail Admin wrote: I've been musing over whether it's time to upgrade or replace my mail system. I've got IMail (unlimited users) v 2006.23 on an old server runing Win2k Advanced Server with Declude v.?? (not current, whatever it is). On the one hand, I only have a small number of domains and mail boxes any more and on the other hand, my old server is looking pretty long in the tooth.  I started out looking at boxes to build a new server, but they're not that expensive any more. Then I got caughter up in the software. Ipswitch wants $2300 or some such for a software upgrade (unlimited users). That's way more than I can justify spending. I don't really need unlimited users any more, but I hate to give it up. On the other hand, I recall a few years ago when people were switching en masse to SmaterMail so I looked at them and their prices are a lot nice. Anyone care to say how the current versions of either software compared with my old IMail?  I assume that I'll have to upgrade to the current version of Declude, but otherwise that will work the same as before?  Any suggestions or pointers would be appreciated.  Thanks,  Ben  --- This E-mail came from the Declude.Jun
Re: [Declude.JunkMail] Imail vs. Smartermail
We used Imail for over 10 years and currently maintain both IMail and SM. The list of reasons we switched is long. We have been running SM for over a year and are very happy with the switch, worth every minute of time spent making the move. Perfect example. SM has build in reports and access to logs. The other day I needed to look up supposed issue with a clients email. You just open the web interface, go the the log search, and input the string you are looking for. It even will show you not only the log lines but all related traffic to that email transaction. Very slick! I would move again in a minute, SM had too much going for it over IMail. Todd Hunter SecureLawEmail -- Original Message -- From: "Robert Grosshandler" Reply-To: declude.junkmail@declude.com Date: Fri, 27 Aug 2010 14:17:22 -0500 >Hi All - > > > >We're currently using Imail v2006. We had no need to upgrade and the iMail >versions until this year didn't support some features we needed (primariy >DomainKey / DKIM signing of outbound mail. ) We'd considered moving to >Smartermail, but it didn't (and doesn't) support a feature we needed >(blah-x...@igive.com) formatting of incoming mail. Smartermail does >(blah+x...@igive.com) and we'd have to get 250,000 folks to change the >e-mail address we assigned them. > > > >Pricing between the two for our needs is almost the same (Smartermail would >be slightly cheaper in the long run). > > > >I know that people left iMail in droves over the past several years. Any >current info on Ipswitch that should make me go through the pain of a switch >to Smartermail? > > > >Thanks ahead of time. > > > >Rob > > > >--- >This E-mail came from the Declude.JunkMail mailing list. To >unsubscribe, just send an E-mail to imail...@declude.com, and >type "unsubscribe Declude.JunkMail". The archives can be found >at http://www.mail-archive.com. > Sent via the WebMail system at smart-mail.net --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to imail...@declude.com, and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Declude queue alert
Of course - thanks Nick! Todd From: supp...@declude.com [mailto:supp...@declude.com] On Behalf Of Nick Hayer Sent: Wednesday, August 25, 2010 12:13 PM To: declude.junkmail@declude.com Subject: RE: [Declude.JunkMail] Declude queue alert dunno - but for sure you could use cdosys -Nick MadRiverAccess.com|Skywaves.com Tech Support US/Canada 877-873-6482 or International +1-802-229-6574 Emergency Support 24/7: supp...@skywaves.net General and Non-Emergency support ticket: https://www.skywaves.com/content/secure/support_ticket.htm _ From: "Todd Richards" Sent: Wednesday, August 25, 2010 11:56 AM To: declude.junkmail@declude.com Subject: RE: [Declude.JunkMail] Declude queue alert I used to use this in the past when we were using iMail, and it worked very well. But we've since switched to SmarterMail. Does anyone know what to call instead of imail1.exe? Would it be the mailserver.exe file, located in the Program Files\Smarter Tools\SmarterMail\Service folder? Todd From: supp...@declude.com [mailto:supp...@declude.com] On Behalf Of Nick Hayer Sent: Wednesday, August 25, 2010 9:04 AM To: declude.junkmail@declude.com Subject: re: [Declude.JunkMail] Declude queue alert Hi Harry, Below is a script I copied from the list long ago - edit as applicable for your setup, save it as a .vbs file and run it every 15 min or so -Nick fHold1 = "\\192.168.254.23\goofy\imail\spool " fHold2 = "\\192.168.254.23\goofy\imail\spool\proc " aMail = "e:\imail\imail1.exe " mFrom = "-u 'spamstar2.moni...@madriveraccess.com' " mTo = "-t 'n...@madriveraccess.com' " if GetFileCount(fHold1) > 300 then MailNotice "Imail Spool", GetFileCount(fHold1), mTo end if if GetFileCount(fHold2) > 300 then MailNotice "Imail\spool\proc", GetFileCount(fHold2), mTo end if Function GetFileCount(folderspec) Dim fso, f, f1, fc Set fso = CreateObject("Scripting.FileSystemObject") Set f = fso.GetFolder(folderspec) Set fc = f.Files GetFileCount = fc.count End Function Function MailNotice(fname, fcount, mTo) Dim mCmd, mSubj, WshShell set WshShell = WScript.CreateObject("WScript.Shell") mSubj = "-s 'SPAMSTAR2(192.168.254.23) Mail held in " & fname & ": " & fcount & "' " mCmd = aMail & mFrom & mTo & mSubj & "-f" Return = WshShell.Run(mCmd , 1, TRUE) End Function MadRiverAccess.com|Skywaves.com Tech Support US/Canada 877-873-6482 or International +1-802-229-6574 Emergency Support 24/7: supp...@skywaves.net General and Non-Emergency support ticket: https://www.skywaves.com/content/secure/support_ticket.htm _ From: "Harry Vanderzand" Sent: Wednesday, August 25, 2010 9:52 AM To: declude.junkmail@declude.com Subject: [Declude.JunkMail] Declude queue alert Is there any way that the system can give me an alert when the Declude queue fills up past a certain point? There have been a couple of cases recently that have caused Declude to stop processing. The mail backs up in the queue and I only realize it when someone complains or I notice that no mail has come in for a while. I then restart the service and processing starts up again. If I were to get an alert that say, 500 items were in the queue then I would know there is a problem. Thank you Please note our new Address Harry Vanderzand Intown Internet 740 Erbsville Road Waterloo, On, N2J 3Z4 519-741-1222 DISCLAIMER: The information in this message is confidential and may be legally privileged. It is intended solely for the addressee. Access to this message by anyone else is unauthorised. If you are not the intended recipient, any disclosure, copying,or distribution of the message, or any action or omission taken by you in reliance on it, is prohibited and may be unlawful. Please immediately contact the sender if you have received this message in error. Thank you. --- [This E-mail was checked by Declude] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to imail...@declude.com, and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- [This E-mail was checked by Declude] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to imail...@declude.com, and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- [This E-mail was checked by Declude] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to imail...@declude.com, and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- [This E-mail was checked by Declude] --- This E-mail came from
RE: [Declude.JunkMail] Declude queue alert
I used to use this in the past when we were using iMail, and it worked very well. But we've since switched to SmarterMail. Does anyone know what to call instead of imail1.exe? Would it be the mailserver.exe file, located in the Program Files\Smarter Tools\SmarterMail\Service folder? Todd From: supp...@declude.com [mailto:supp...@declude.com] On Behalf Of Nick Hayer Sent: Wednesday, August 25, 2010 9:04 AM To: declude.junkmail@declude.com Subject: re: [Declude.JunkMail] Declude queue alert Hi Harry, Below is a script I copied from the list long ago - edit as applicable for your setup, save it as a .vbs file and run it every 15 min or so -Nick fHold1 = "\\192.168.254.23\goofy\imail\spool " fHold2 = "\\192.168.254.23\goofy\imail\spool\proc " aMail = "e:\imail\imail1.exe " mFrom = "-u 'spamstar2.moni...@madriveraccess.com' " mTo = "-t 'n...@madriveraccess.com' " if GetFileCount(fHold1) > 300 then MailNotice "Imail Spool", GetFileCount(fHold1), mTo end if if GetFileCount(fHold2) > 300 then MailNotice "Imail\spool\proc", GetFileCount(fHold2), mTo end if Function GetFileCount(folderspec) Dim fso, f, f1, fc Set fso = CreateObject("Scripting.FileSystemObject") Set f = fso.GetFolder(folderspec) Set fc = f.Files GetFileCount = fc.count End Function Function MailNotice(fname, fcount, mTo) Dim mCmd, mSubj, WshShell set WshShell = WScript.CreateObject("WScript.Shell") mSubj = "-s 'SPAMSTAR2(192.168.254.23) Mail held in " & fname & ": " & fcount & "' " mCmd = aMail & mFrom & mTo & mSubj & "-f" Return = WshShell.Run(mCmd , 1, TRUE) End Function MadRiverAccess.com|Skywaves.com Tech Support US/Canada 877-873-6482 or International +1-802-229-6574 Emergency Support 24/7: supp...@skywaves.net General and Non-Emergency support ticket: https://www.skywaves.com/content/secure/support_ticket.htm _ From: "Harry Vanderzand" Sent: Wednesday, August 25, 2010 9:52 AM To: declude.junkmail@declude.com Subject: [Declude.JunkMail] Declude queue alert Is there any way that the system can give me an alert when the Declude queue fills up past a certain point? There have been a couple of cases recently that have caused Declude to stop processing. The mail backs up in the queue and I only realize it when someone complains or I notice that no mail has come in for a while. I then restart the service and processing starts up again. If I were to get an alert that say, 500 items were in the queue then I would know there is a problem. Thank you Please note our new Address Harry Vanderzand Intown Internet 740 Erbsville Road Waterloo, On, N2J 3Z4 519-741-1222 DISCLAIMER: The information in this message is confidential and may be legally privileged. It is intended solely for the addressee. Access to this message by anyone else is unauthorised. If you are not the intended recipient, any disclosure, copying,or distribution of the message, or any action or omission taken by you in reliance on it, is prohibited and may be unlawful. Please immediately contact the sender if you have received this message in error. Thank you. --- [This E-mail was checked by Declude] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to imail...@declude.com, and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- [This E-mail was checked by Declude] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to imail...@declude.com, and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to imail...@declude.com, and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] Questions
Hi Everyone - I've got two questions: I've kept up-to-date with Declude, but I haven't done a good job keeping the global.cfg files updated when a new release has come out. The one I'm currently using is probably over a year old (at least). Do you have any advice as to the best way to "merge" the newest one with mine, just to make sure I don't lose anything super important? Or should I just put the new one in place, update it with my settings, then add my filters back as needed? At one point I had a lot of custom stuff in there, but Linda helped me clean it up a few years ago. So I'm running pretty much "stock". I've noticed files that are getting caught in the virus folder. When investigating them, I see the line: X-DECLUDE-Virus: Detected [Outlook 'MIME segment in MIME Postamble' Vulnerability] These messages are coming from trusted mailing lists. I went in and added one of them as a "ALLOWVULNERABILITYFROM", but then I found a few more. What's the best practice here - continue adding them as I find them? I also found a message for "ZEROHOUR Unknown". Finally, we have a subscription for Sniffer. But I think I heard that I can get it automatically through Declude. Is there an advantage of doing it one way or the other? Thanks! Todd --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to imail...@declude.com, and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] CommTouch ZeroHour
For what it's worth, after getting clarification from David yesterday, and an explanation on pricing, we added Commtouch immediately. Todd -Original Message- From: supp...@declude.com [mailto:supp...@declude.com] On Behalf Of Dean Lawrence Sent: Friday, June 05, 2009 11:06 AM To: declude.junkmail@declude.com Subject: Re: [Declude.JunkMail] CommTouch ZeroHour Excellent. Thanks David On Fri, Jun 5, 2009 at 11:54 AM, David Barker wrote: >>>I simply host mailboxes for some of my development clients' domains. > > This is classified as a non-ISP and you can use Commtouch > > > David Barker > VP Operations Declude > Your Email security is our business > 978.499.2933 office > 978.988.1311 fax > dbar...@declude.com > > > > -Original Message- > From: supp...@declude.com [mailto:supp...@declude.com] On Behalf Of Dean > Lawrence > Sent: Friday, June 05, 2009 11:50 AM > To: declude.junkmail@declude.com > Subject: Re: [Declude.JunkMail] CommTouch ZeroHour > > Thanks David. I'm still a little confused though. I do not provide > Internet access for my clients, nor do I offer a clean and forward > option. I simply host mailboxes for some of my development clients' > domains. With this description, would CommTouch classify me as an ISP? > > Thanks, > > Dean > > On Fri, Jun 5, 2009 at 11:35 AM, David Barker wrote: >> Yes Internet access provider is a better description of ISP and how it is >> understood by Commtouch. >> >> David >> >> -Original Message- >> From: supp...@declude.com [mailto:supp...@declude.com] On Behalf Of Andy >> Schmidt >> Sent: Friday, June 05, 2009 11:30 AM >> To: declude.junkmail@declude.com >> Subject: RE: [Declude.JunkMail] CommTouch ZeroHour >> >> Uh - okay, that was the reason, why I wasn't able to purchase CommTouch > back >> when. >> >> As a hosting provider (which includes providing mailboxes for the clients' >> domains), that would fall under the umbrella "primary function is to > provide >> Internet service". >> >> If they would define ISP as Internet ACCESS provider - then this would be > a >> different story. Because we don't provide Internet access and our primary >> function is not clean-and-forward MX services. >> >> -Original Message- >> From: supp...@declude.com [mailto:supp...@declude.com] On Behalf Of David >> Barker >> Sent: Friday, June 05, 2009 10:49 AM >> To: declude.junkmail@declude.com >> Subject: RE: [Declude.JunkMail] CommTouch ZeroHour >> >> Commtouch does have a restriction. The condition is: >> >> a. "ISP" shall mean an internet service provider or managed solution >> provider. >> >> What this means - if you are an ISP as defined by Commtouch, your primary >> function is to provide Internet service to your customers (like Comcast) > or >> your business provides managed services (Like MXlogic) clean-and-forward > of >> emails. >> >> Secondly, if your business is part of the ISP category you can use > Commtouch >> with the added cost of $3.60 per user per year. >> >> And finally, the yearly cost and payments to Commtouch for NON-ISP > perpetual >> license Declude customers is being absorbed by Declude. >> >> David Barker >> VP Operations Declude >> Your Email security is our business >> 978.499.2933 office >> 978.988.1311 fax >> dbar...@declude.com >> >> >> >> >> --- >> This E-mail came from the Declude.JunkMail mailing list. To >> unsubscribe, just send an E-mail to imail...@declude.com, and >> type "unsubscribe Declude.JunkMail". The archives can be found >> at http://www.mail-archive.com. >> >> >> >> --- >> This E-mail came from the Declude.JunkMail mailing list. To >> unsubscribe, just send an E-mail to imail...@declude.com, and >> type "unsubscribe Declude.JunkMail". The archives can be found >> at http://www.mail-archive.com. >> >> > > > > -- > __ > Dean Lawrence, CIO/Partner > Internet Data Technology > 888.GET.IDT1 ext. 701 * fax: 888.438.4381 > http://www.idatatech.com/ > Corporate Internet Development and Marketing Specialists > > > --- > This E-mail came from the Declude.JunkMail mailing list. To > unsubscribe, just send an E-mail to imail...@declude.com, and > type "unsubscribe Declude.JunkMail". The archives can be found > at http://www.mail-archive.com. > > > > --- > This E-mail came
RE: [Declude.JunkMail] BackScatter
Thanks Craig. From all indications our server is tightened down pretty good right now. We moved from Imail to SM at the start of April, and I implemented grey listing at the start of May. So we did have a fair amount of backscatter in between until I really understood what greylisting could do. Unfortunately, I can't talk the bosses into dropping another $800 or so to try and fix the problem. I know others have used ASSP with success, so I might look at that. SmarterMail's greylisting seems to be a lot better than what the rules in Declude offer. I might look at implementing ASSP in front of SM. I've heard a lot of people talk about the advantages of running something in front of your mail server. So it might be time. Todd From: supp...@declude.com [mailto:supp...@declude.com] On Behalf Of Craig Edmonds Sent: Saturday, May 16, 2009 1:53 PM To: declude.junkmail@declude.com Subject: RE: [Declude.JunkMail] BackScatter Hi Todd, I think grey listing prevents backscatter coming INTO your mail server, it does not prevent you getting on blacklists. If you are on a blacklist then I think you need to figure out how your smtp server is configured because it would indicate an issue somewhere. Since using Alligate (www.alligate.com) as the first line of defence in front of declude, we have had zero black listings and all the backscatter has disappeared. The backscatter rules in declude really blow which is why I would highly recommend looking at Alligate as your smtp gateway. Kindest Regards Craig Edmonds 123 Marbella Internet W: www.123marbella.com <http://www.123marbella.com/> E : cr...@123marbella.com From: supp...@declude.com [mailto:supp...@declude.com] On Behalf Of Michael Graveen Sent: 16 May 2009 13:54 To: declude.junkmail@declude.com Subject: re: [Declude.JunkMail] BackScatter I think Greylisting reduces backscatter. Greylisting stops the majority of the SPAM from ever reaching our mail server, so it never has a chance to get bounced back because of a non existent user, etc. Mike _ Hi Everyone - We've been having a few issues with mail servers refusing our mail. Today I ran a test on DNSStuff and found that our IP is on BackScatter.org. They are referencing an event on 4/27, and supposedly we will be removed after 4 weeks if they haven't had any other issues. Of course we can pay to have it removed sooner. I'm not sure if being listed in their DB is the main culprit to the server refusals that I've seen? We switched over to SmarterMail in mid-April. Since 4/27, we have implemented grey listing. Is grey listing a good first line of defense? Is there anything else I should be doing to prevent back scatter? Thanks for your thoughts on this. Todd --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to imail...@declude.com, and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to imail...@declude.com, and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to imail...@declude.com, and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to imail...@declude.com, and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] BackScatter
Thanks Darin! From: supp...@declude.com [mailto:supp...@declude.com] On Behalf Of Darin Cox Sent: Saturday, May 16, 2009 2:21 PM To: declude.junkmail@declude.com Subject: Re: [Declude.JunkMail] BackScatter Hi Todd, No, I was intending to set up a notification process to automatically let us know when our rating/score changed on these sites. Darin. - Original Message - From: Todd Richards <mailto:to...@nnepa.com> To: declude.junkmail@declude.com Sent: Saturday, May 16, 2009 1:34 PM Subject: RE: [Declude.JunkMail] BackScatter Thanks Darin - good suggestions. I checked with SenderBase and we are "good". With SenderScore, on the other hand, I can't tell whether we are good or bad. Our sender score is a 96, but our risk is high. When you say you are going to monitor them, do you mean just manually checking them? Todd Results for 8.7.193.82 Sender Score: 96 IP Address Information Hostname mail.nnepa.com Other IPs with same hostname None Blacklists None Sender Score Certified No Safelist No Deliverability This represents whether email from 8.7.193.82 is being accepted for delivery in the Sender Score reporting network. Return Path offers a variety of detailed reporting tools to monitor delivery performance. Accepted Rate: 31.79% Risk: High Reputation Measures These are individual measures of the reputation for 8.7.193.82. Measure Type Value Complaints Score (0-100) 100 Volume Score (0-100) 0 External Reputation Score (0-100) 67 Unknown Users Score (0-100) 12 Spam Trap Hits Count 1 Last Spam Trap Date Date 04/18/2009 Sending Domains We've seen 8.7.193.82 sending email for these domains. Domain Authenticated mail.nnepa.com Yes - A Record, Reverse DNS Match From: supp...@declude.com [mailto:supp...@declude.com] On Behalf Of Darin Cox Sent: Saturday, May 16, 2009 7:33 AM To: declude.junkmail@declude.com Subject: Re: [Declude.JunkMail] BackScatter Todd, you might want to check SenderBase. We had a similar issue a month ago. SenderBase had recorded a number of backscatter messages from a private list we host that often gets attacked by spammers. The unauthorized access notices that were sent back were seen as backscatter by SenderBase and they reduced our rating from Good to Poor. IronPort filtering devices use the SenderBase rating as one of their blocking criteria, so we were blocked from sending to mail servers protected by IronPort. Fortunately there were only a handful of our customers affected, we rerouted mail temporarily, and we were upgraded in SenderBase two days later after adding filtering to that hosting account. Matt Bramble pointed out to me another site, SenderScore.org, that you might want to watch as well. I'm planning to set up monitoring on these sites as an additional detection of delivery problems. Darin. - Original Message - From: Michael Graveen To: declude.junkmail@declude.com Sent: Saturday, May 16, 2009 7:54 AM Subject: re: [Declude.JunkMail] BackScatter I think Greylisting reduces backscatter. Greylisting stops the majority of the SPAM from ever reaching our mail server, so it never has a chance to get bounced back because of a non existent user, etc. Mike Hi Everyone - We've been having a few issues with mail servers refusing our mail. Today I ran a test on DNSStuff and found that our IP is on BackScatter.org. They are referencing an event on 4/27, and supposedly we will be removed after 4 weeks if they haven't had any other issues. Of course we can pay to have it removed sooner. I'm not sure if being listed in their DB is the main culprit to the server refusals that I've seen? We switched over to SmarterMail in mid-April. Since 4/27, we have implemented grey listing. Is grey listing a good first line of defense? Is there anything else I should be doing to prevent back scatter? Thanks for your thoughts on this. Todd --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to imail...@declude.com, and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just s
RE: [Declude.JunkMail] BackScatter
Thanks Darin - good suggestions. I checked with SenderBase and we are "good". With SenderScore, on the other hand, I can't tell whether we are good or bad. Our sender score is a 96, but our risk is high. When you say you are going to monitor them, do you mean just manually checking them? Todd Results for 8.7.193.82 Sender Score: 96 IP Address Information Hostname mail.nnepa.com Other IPs with same hostname None Blacklists None Sender Score Certified No Safelist No Deliverability This represents whether email from 8.7.193.82 is being accepted for delivery in the Sender Score reporting network. Return Path offers a variety of detailed reporting tools to monitor delivery performance. Accepted Rate: 31.79% Risk: High Reputation Measures These are individual measures of the reputation for 8.7.193.82. Measure Type Value Complaints Score (0-100) 100 Volume Score (0-100) 0 External Reputation Score (0-100) 67 Unknown Users Score (0-100) 12 Spam Trap Hits Count 1 Last Spam Trap Date Date 04/18/2009 Sending Domains We've seen 8.7.193.82 sending email for these domains. Domain Authenticated mail.nnepa.com Yes - A Record, Reverse DNS Match From: supp...@declude.com [mailto:supp...@declude.com] On Behalf Of Darin Cox Sent: Saturday, May 16, 2009 7:33 AM To: declude.junkmail@declude.com Subject: Re: [Declude.JunkMail] BackScatter Todd, you might want to check SenderBase. We had a similar issue a month ago. SenderBase had recorded a number of backscatter messages from a private list we host that often gets attacked by spammers. The unauthorized access notices that were sent back were seen as backscatter by SenderBase and they reduced our rating from Good to Poor. IronPort filtering devices use the SenderBase rating as one of their blocking criteria, so we were blocked from sending to mail servers protected by IronPort. Fortunately there were only a handful of our customers affected, we rerouted mail temporarily, and we were upgraded in SenderBase two days later after adding filtering to that hosting account. Matt Bramble pointed out to me another site, SenderScore.org, that you might want to watch as well. I'm planning to set up monitoring on these sites as an additional detection of delivery problems. Darin. - Original Message - From: Michael Graveen To: declude.junkmail@declude.com Sent: Saturday, May 16, 2009 7:54 AM Subject: re: [Declude.JunkMail] BackScatter I think Greylisting reduces backscatter. Greylisting stops the majority of the SPAM from ever reaching our mail server, so it never has a chance to get bounced back because of a non existent user, etc. Mike Hi Everyone - We've been having a few issues with mail servers refusing our mail. Today I ran a test on DNSStuff and found that our IP is on BackScatter.org. They are referencing an event on 4/27, and supposedly we will be removed after 4 weeks if they haven't had any other issues. Of course we can pay to have it removed sooner. I'm not sure if being listed in their DB is the main culprit to the server refusals that I've seen? We switched over to SmarterMail in mid-April. Since 4/27, we have implemented grey listing. Is grey listing a good first line of defense? Is there anything else I should be doing to prevent back scatter? Thanks for your thoughts on this. Todd --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to imail...@declude.com, and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to imail...@declude.com, and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to imail...@declude.com, and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to imail...@declude.com, and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] BackScatter
Thanks Mike. Like I said, I implemented greylisting after the date in question, so hopefully we'll be clear when our time is up! Todd From: supp...@declude.com [mailto:supp...@declude.com] On Behalf Of Michael Graveen Sent: Saturday, May 16, 2009 6:54 AM To: declude.junkmail@declude.com Subject: re: [Declude.JunkMail] BackScatter I think Greylisting reduces backscatter. Greylisting stops the majority of the SPAM from ever reaching our mail server, so it never has a chance to get bounced back because of a non existent user, etc. Mike _ Hi Everyone - We've been having a few issues with mail servers refusing our mail. Today I ran a test on DNSStuff and found that our IP is on BackScatter.org. They are referencing an event on 4/27, and supposedly we will be removed after 4 weeks if they haven't had any other issues. Of course we can pay to have it removed sooner. I'm not sure if being listed in their DB is the main culprit to the server refusals that I've seen? We switched over to SmarterMail in mid-April. Since 4/27, we have implemented grey listing. Is grey listing a good first line of defense? Is there anything else I should be doing to prevent back scatter? Thanks for your thoughts on this. Todd --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to imail...@declude.com, and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to imail...@declude.com, and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to imail...@declude.com, and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] BackScatter
Hi Everyone - We've been having a few issues with mail servers refusing our mail. Today I ran a test on DNSStuff and found that our IP is on BackScatter.org. They are referencing an event on 4/27, and supposedly we will be removed after 4 weeks if they haven't had any other issues. Of course we can pay to have it removed sooner. I'm not sure if being listed in their DB is the main culprit to the server refusals that I've seen? We switched over to SmarterMail in mid-April. Since 4/27, we have implemented grey listing. Is grey listing a good first line of defense? Is there anything else I should be doing to prevent back scatter? Thanks for your thoughts on this. Todd --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to imail...@declude.com, and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] CBL:IP is Blacklisted
Thanks David! Todd -Original Message- From: supp...@declude.com [mailto:supp...@declude.com] On Behalf Of David Barker Sent: Friday, February 13, 2009 3:48 PM To: declude.junkmail@declude.com Subject: RE: [Declude.JunkMail] CBL:IP is Blacklisted Todd, A valid service agreement with Declude is all that is needed and we can help you with the setup of Declude and transferring the license from IM to SM it is a very easy process. David B -Original Message- From: supp...@declude.com [mailto:supp...@declude.com] On Behalf Of Todd Richards Sent: Friday, February 13, 2009 4:42 PM To: declude.junkmail@declude.com Subject: RE: [Declude.JunkMail] CBL:IP is Blacklisted So are you saying that if I were running SM that I don't need Alligate? Not opposed to trying something ike that but don't want to make things any more complicated than they are. BTW, I'm really considering moving to SM. If others have done this, would you please email me off list and tell me how it went, and what I should expect along the way? I guess SM has a tool to convert me. David, what about Declude? I know it works great with SM but what do I need to know about changing that? Thanks everyone. Todd -Original Message- From: supp...@declude.com [mailto:supp...@declude.com] On Behalf Of Ncl Admin Sent: Friday, February 13, 2009 2:19 PM To: declude.junkmail@declude.com Subject: RE: [Declude.JunkMail] CBL:IP is Blacklisted Well Alligate should most definitely be in your plan. I run it, cuts server hits by over 90%, is cost effective. Cuts Virus by nearly 99% as bots don't get through I tried SM as well as microsoft. Best thing I have ever tried was Alligate. Works well with Declude and they even have something coming out together. Guess SM has nice web interface now tho. At 01:34 PM 2/13/2009 -0600, Todd Richards wrote: >Thanks Craig. I have on my budget an upgrade for our mail server - not sure >yet whether I'm sticking with Imail or going to SM. Just sucks that it is >suddenly happening and I probably need to do it sooner rather than later. I >don't know anything about Alligate and don't know whether that should be in >my plan regardless of what I upgrade to. So I don't know if I should waste >time putting that in as a work around for now. > >Todd > > >-Original Message- >From: supp...@declude.com [mailto:supp...@declude.com] On Behalf Of Craig >Edmonds >Sent: Friday, February 13, 2009 11:33 AM >To: declude.junkmail@declude.com >Subject: RE: [Declude.JunkMail] CBL:IP is Blacklisted > > >I had this problem too and I have imail 8.15 so the stupid fix does not >apply to me either. > >Therefore I had the choice (or rather the ultimatum from CBL) to either >upgrade Imail or use a smtp gateway. > >So I now use Alligate as an smtp server. > >It funny...notthat they "used" to whitelist imail users, now they dont, >they just give you the ultimatum even when you can prove that your server is >legit and well protected. > >The guys at CBL have their heads up theirwell you can imagine it. > > >Kindest Regards >Craig Edmonds >123 Marbella Internet Services >W: www.123marbella.com >E : cr...@123marbella.com > > > > > >-Original Message- >From: supp...@declude.com [mailto:supp...@declude.com] On Behalf Of Todd >Richards >Sent: 13 February 2009 18:25 >To: declude.junkmail@declude.com >Subject: RE: [Declude.JunkMail] CBL:IP is Blacklisted > > >Thanks Andrew. I just got a note from CBL that says that they are no longer >automatically removing Imail machines, as there is a fix. Not sure if my >older version (8.2x) is part of that fix or what. Anyway, their message >said > >"The CBL attempts to detect compromised machines in a number of ways based >upon the email that the CBL's mail servers receive. > >During this it tries distinguish whether the connections represent real mail >servers by ensuring that each connection is claiming a plausible machine >name for itself (via SMTP HELO), and not listing any IP that corresponds to >a real mail server (or several mail servers if the IP address is a NAT >firewall with multiple mail servers behind it). > >8.7.193.82 was found to be using several different EHLO/HELO names during >multiple connections on or about: > >2009:02:12 ~21:30 UTC+/- 15 minutes (approximately 19 hours ago). > >The names seen included: > > enwcommunity.com, hcaa.com, mail.nnepa.com, p01c11m022.mxlogic.net, >p01c11m096.mxlogic.net, p01c11m102.mxlogic.net, p01c11m107.mxlogic.net, >p01c12m013.mxlogic.net, p01c12m062.mxlogic.net >" > >The first two are legitimate virtual domains on our server, the third is our >server. But I have no idea where the mxlogic.net names are fr
RE: [Declude.JunkMail] CBL:IP is Blacklisted
So are you saying that if I were running SM that I don't need Alligate? Not opposed to trying something ike that but don't want to make things any more complicated than they are. BTW, I'm really considering moving to SM. If others have done this, would you please email me off list and tell me how it went, and what I should expect along the way? I guess SM has a tool to convert me. David, what about Declude? I know it works great with SM but what do I need to know about changing that? Thanks everyone. Todd -Original Message- From: supp...@declude.com [mailto:supp...@declude.com] On Behalf Of Ncl Admin Sent: Friday, February 13, 2009 2:19 PM To: declude.junkmail@declude.com Subject: RE: [Declude.JunkMail] CBL:IP is Blacklisted Well Alligate should most definitely be in your plan. I run it, cuts server hits by over 90%, is cost effective. Cuts Virus by nearly 99% as bots don't get through I tried SM as well as microsoft. Best thing I have ever tried was Alligate. Works well with Declude and they even have something coming out together. Guess SM has nice web interface now tho. At 01:34 PM 2/13/2009 -0600, Todd Richards wrote: >Thanks Craig. I have on my budget an upgrade for our mail server - not sure >yet whether I'm sticking with Imail or going to SM. Just sucks that it is >suddenly happening and I probably need to do it sooner rather than later. I >don't know anything about Alligate and don't know whether that should be in >my plan regardless of what I upgrade to. So I don't know if I should waste >time putting that in as a work around for now. > >Todd > > >-Original Message- >From: supp...@declude.com [mailto:supp...@declude.com] On Behalf Of Craig >Edmonds >Sent: Friday, February 13, 2009 11:33 AM >To: declude.junkmail@declude.com >Subject: RE: [Declude.JunkMail] CBL:IP is Blacklisted > > >I had this problem too and I have imail 8.15 so the stupid fix does not >apply to me either. > >Therefore I had the choice (or rather the ultimatum from CBL) to either >upgrade Imail or use a smtp gateway. > >So I now use Alligate as an smtp server. > >It funny...notthat they "used" to whitelist imail users, now they dont, >they just give you the ultimatum even when you can prove that your server is >legit and well protected. > >The guys at CBL have their heads up theirwell you can imagine it. > > >Kindest Regards >Craig Edmonds >123 Marbella Internet Services >W: www.123marbella.com >E : cr...@123marbella.com > > > > > >-Original Message- >From: supp...@declude.com [mailto:supp...@declude.com] On Behalf Of Todd >Richards >Sent: 13 February 2009 18:25 >To: declude.junkmail@declude.com >Subject: RE: [Declude.JunkMail] CBL:IP is Blacklisted > > >Thanks Andrew. I just got a note from CBL that says that they are no longer >automatically removing Imail machines, as there is a fix. Not sure if my >older version (8.2x) is part of that fix or what. Anyway, their message >said > >"The CBL attempts to detect compromised machines in a number of ways based >upon the email that the CBL's mail servers receive. > >During this it tries distinguish whether the connections represent real mail >servers by ensuring that each connection is claiming a plausible machine >name for itself (via SMTP HELO), and not listing any IP that corresponds to >a real mail server (or several mail servers if the IP address is a NAT >firewall with multiple mail servers behind it). > >8.7.193.82 was found to be using several different EHLO/HELO names during >multiple connections on or about: > >2009:02:12 ~21:30 UTC+/- 15 minutes (approximately 19 hours ago). > >The names seen included: > > enwcommunity.com, hcaa.com, mail.nnepa.com, p01c11m022.mxlogic.net, >p01c11m096.mxlogic.net, p01c11m102.mxlogic.net, p01c11m107.mxlogic.net, >p01c12m013.mxlogic.net, p01c12m062.mxlogic.net >" > >The first two are legitimate virtual domains on our server, the third is our >server. But I have no idea where the mxlogic.net names are from? > >Todd > > > > > >-Original Message- >From: supp...@declude.com [mailto:supp...@declude.com] On Behalf Of Colbeck, >Andrew >Sent: Friday, February 13, 2009 10:56 AM >To: declude.junkmail@declude.com >Subject: RE: [Declude.JunkMail] CBL:IP is Blacklisted > >Here's the answer, Todd. > >http://www.mail-archive.com/imail_fo...@list.ipswitch.com/msg103112.html > >It's an old problem with CBL and IMail. Certainly, CBL is at fault and >by now they should have at least taken up SPF record checking to weed >out false positives. I just checked your SPF record and it is valid, so >this would have helped y
RE: [Declude.JunkMail] CBL:IP is Blacklisted
So you set up IIS SMTP on the mail server, and are using that as your SMTP server? Todd -Original Message- From: supp...@declude.com [mailto:supp...@declude.com] On Behalf Of Heimir Eidskrem Sent: Friday, February 13, 2009 11:37 AM To: declude.junkmail@declude.com Subject: Re: [Declude.JunkMail] CBL:IP is Blacklisted If you are using Imail 8.2 or earlier CBL will black list. We had the same problem. The fix is to upgrade to a new version of Imail. We had to setup IIS SMTP and we are forwarding all email from imail to the IIS SMTP and send it out from there. Todd Richards wrote: > Hi Everyone - > > Late yesterday I started seeing some bounces that our IP address was being > rejected because of the following: > > RCPT TO generated following response: > 554 Denied [SHXBL] - Denied by Spamhaus XBL - See > http://www.spamhaus.org/query/bl?ip=8.7.193.82 (Mode: normal) > > I checked and we are, in fact, listed in CBL. I went through the steps to > request removal. Is there anything else I should do? I'm really not sure > how we got on it anyway. Does anyone know how long it takes? I've got > several people hollering at me because anything they send out is being > rejected as spam. > > Todd > > > > > --- > This E-mail came from the Declude.JunkMail mailing list. To > unsubscribe, just send an E-mail to imail...@declude.com, and > type "unsubscribe Declude.JunkMail". The archives can be found > at http://www.mail-archive.com. > > > > --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to imail...@declude.com, and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to imail...@declude.com, and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] CBL:IP is Blacklisted
Thanks Craig. I have on my budget an upgrade for our mail server - not sure yet whether I'm sticking with Imail or going to SM. Just sucks that it is suddenly happening and I probably need to do it sooner rather than later. I don't know anything about Alligate and don't know whether that should be in my plan regardless of what I upgrade to. So I don't know if I should waste time putting that in as a work around for now. Todd -Original Message- From: supp...@declude.com [mailto:supp...@declude.com] On Behalf Of Craig Edmonds Sent: Friday, February 13, 2009 11:33 AM To: declude.junkmail@declude.com Subject: RE: [Declude.JunkMail] CBL:IP is Blacklisted I had this problem too and I have imail 8.15 so the stupid fix does not apply to me either. Therefore I had the choice (or rather the ultimatum from CBL) to either upgrade Imail or use a smtp gateway. So I now use Alligate as an smtp server. It funny...notthat they "used" to whitelist imail users, now they dont, they just give you the ultimatum even when you can prove that your server is legit and well protected. The guys at CBL have their heads up theirwell you can imagine it. Kindest Regards Craig Edmonds 123 Marbella Internet Services W: www.123marbella.com E : cr...@123marbella.com -Original Message- From: supp...@declude.com [mailto:supp...@declude.com] On Behalf Of Todd Richards Sent: 13 February 2009 18:25 To: declude.junkmail@declude.com Subject: RE: [Declude.JunkMail] CBL:IP is Blacklisted Thanks Andrew. I just got a note from CBL that says that they are no longer automatically removing Imail machines, as there is a fix. Not sure if my older version (8.2x) is part of that fix or what. Anyway, their message said "The CBL attempts to detect compromised machines in a number of ways based upon the email that the CBL's mail servers receive. During this it tries distinguish whether the connections represent real mail servers by ensuring that each connection is claiming a plausible machine name for itself (via SMTP HELO), and not listing any IP that corresponds to a real mail server (or several mail servers if the IP address is a NAT firewall with multiple mail servers behind it). 8.7.193.82 was found to be using several different EHLO/HELO names during multiple connections on or about: 2009:02:12 ~21:30 UTC+/- 15 minutes (approximately 19 hours ago). The names seen included: enwcommunity.com, hcaa.com, mail.nnepa.com, p01c11m022.mxlogic.net, p01c11m096.mxlogic.net, p01c11m102.mxlogic.net, p01c11m107.mxlogic.net, p01c12m013.mxlogic.net, p01c12m062.mxlogic.net " The first two are legitimate virtual domains on our server, the third is our server. But I have no idea where the mxlogic.net names are from? Todd -Original Message- From: supp...@declude.com [mailto:supp...@declude.com] On Behalf Of Colbeck, Andrew Sent: Friday, February 13, 2009 10:56 AM To: declude.junkmail@declude.com Subject: RE: [Declude.JunkMail] CBL:IP is Blacklisted Here's the answer, Todd. http://www.mail-archive.com/imail_fo...@list.ipswitch.com/msg103112.html It's an old problem with CBL and IMail. Certainly, CBL is at fault and by now they should have at least taken up SPF record checking to weed out false positives. I just checked your SPF record and it is valid, so this would have helped you. Andrew. -Original Message- From: supp...@declude.com [mailto:supp...@declude.com] On Behalf Of Todd Richards Sent: Friday, February 13, 2009 8:42 AM To: declude.junkmail@declude.com Subject: RE: [Declude.JunkMail] CBL:IP is Blacklisted OK, Sorry to cry wolf. I sent them an email directly (which is what they said to do if you are running Imail) and it appears that they have us removed already. Not sure why/how we got added, if it has anything to do with Imail (as they suggest) or what. I'm running several misc. scans on our server to be sure we don't have a problem. Any other suggestions of how/why, or what to check are always appreciated! Todd -Original Message- From: supp...@declude.com [mailto:supp...@declude.com] On Behalf Of Todd Richards Sent: Friday, February 13, 2009 10:13 AM To: declude.junkmail@declude.com Subject: [Declude.JunkMail] CBL:IP is Blacklisted Hi Everyone - Late yesterday I started seeing some bounces that our IP address was being rejected because of the following: RCPT TO generated following response: 554 Denied [SHXBL] - Denied by Spamhaus XBL - See http://www.spamhaus.org/query/bl?ip=8.7.193.82 (Mode: normal) I checked and we are, in fact, listed in CBL. I went through the steps to request removal. Is there anything else I should do? I'm really not sure how we got on it anyway. Does anyone know how long it takes? I've got several people hollering at me because anything they send out is being rejected as spam. Todd --- This E-mail came from the D
RE: [Declude.JunkMail] CBL:IP is Blacklisted
Thanks Andrew. I just got a note from CBL that says that they are no longer automatically removing Imail machines, as there is a fix. Not sure if my older version (8.2x) is part of that fix or what. Anyway, their message said "The CBL attempts to detect compromised machines in a number of ways based upon the email that the CBL's mail servers receive. During this it tries distinguish whether the connections represent real mail servers by ensuring that each connection is claiming a plausible machine name for itself (via SMTP HELO), and not listing any IP that corresponds to a real mail server (or several mail servers if the IP address is a NAT firewall with multiple mail servers behind it). 8.7.193.82 was found to be using several different EHLO/HELO names during multiple connections on or about: 2009:02:12 ~21:30 UTC+/- 15 minutes (approximately 19 hours ago). The names seen included: enwcommunity.com, hcaa.com, mail.nnepa.com, p01c11m022.mxlogic.net, p01c11m096.mxlogic.net, p01c11m102.mxlogic.net, p01c11m107.mxlogic.net, p01c12m013.mxlogic.net, p01c12m062.mxlogic.net " The first two are legitimate virtual domains on our server, the third is our server. But I have no idea where the mxlogic.net names are from? Todd -Original Message- From: supp...@declude.com [mailto:supp...@declude.com] On Behalf Of Colbeck, Andrew Sent: Friday, February 13, 2009 10:56 AM To: declude.junkmail@declude.com Subject: RE: [Declude.JunkMail] CBL:IP is Blacklisted Here's the answer, Todd. http://www.mail-archive.com/imail_fo...@list.ipswitch.com/msg103112.html It's an old problem with CBL and IMail. Certainly, CBL is at fault and by now they should have at least taken up SPF record checking to weed out false positives. I just checked your SPF record and it is valid, so this would have helped you. Andrew. -Original Message- From: supp...@declude.com [mailto:supp...@declude.com] On Behalf Of Todd Richards Sent: Friday, February 13, 2009 8:42 AM To: declude.junkmail@declude.com Subject: RE: [Declude.JunkMail] CBL:IP is Blacklisted OK, Sorry to cry wolf. I sent them an email directly (which is what they said to do if you are running Imail) and it appears that they have us removed already. Not sure why/how we got added, if it has anything to do with Imail (as they suggest) or what. I'm running several misc. scans on our server to be sure we don't have a problem. Any other suggestions of how/why, or what to check are always appreciated! Todd -Original Message- From: supp...@declude.com [mailto:supp...@declude.com] On Behalf Of Todd Richards Sent: Friday, February 13, 2009 10:13 AM To: declude.junkmail@declude.com Subject: [Declude.JunkMail] CBL:IP is Blacklisted Hi Everyone - Late yesterday I started seeing some bounces that our IP address was being rejected because of the following: RCPT TO generated following response: 554 Denied [SHXBL] - Denied by Spamhaus XBL - See http://www.spamhaus.org/query/bl?ip=8.7.193.82 (Mode: normal) I checked and we are, in fact, listed in CBL. I went through the steps to request removal. Is there anything else I should do? I'm really not sure how we got on it anyway. Does anyone know how long it takes? I've got several people hollering at me because anything they send out is being rejected as spam. Todd --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to imail...@declude.com, and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to imail...@declude.com, and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to imail...@declude.com, and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to imail...@declude.com, and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] CBL:IP is Blacklisted
OK, Sorry to cry wolf. I sent them an email directly (which is what they said to do if you are running Imail) and it appears that they have us removed already. Not sure why/how we got added, if it has anything to do with Imail (as they suggest) or what. I'm running several misc. scans on our server to be sure we don't have a problem. Any other suggestions of how/why, or what to check are always appreciated! Todd -Original Message- From: supp...@declude.com [mailto:supp...@declude.com] On Behalf Of Todd Richards Sent: Friday, February 13, 2009 10:13 AM To: declude.junkmail@declude.com Subject: [Declude.JunkMail] CBL:IP is Blacklisted Hi Everyone - Late yesterday I started seeing some bounces that our IP address was being rejected because of the following: RCPT TO generated following response: 554 Denied [SHXBL] - Denied by Spamhaus XBL - See http://www.spamhaus.org/query/bl?ip=8.7.193.82 (Mode: normal) I checked and we are, in fact, listed in CBL. I went through the steps to request removal. Is there anything else I should do? I'm really not sure how we got on it anyway. Does anyone know how long it takes? I've got several people hollering at me because anything they send out is being rejected as spam. Todd --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to imail...@declude.com, and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to imail...@declude.com, and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] CBL:IP is Blacklisted
Hi Everyone - Late yesterday I started seeing some bounces that our IP address was being rejected because of the following: RCPT TO generated following response: 554 Denied [SHXBL] - Denied by Spamhaus XBL - See http://www.spamhaus.org/query/bl?ip=8.7.193.82 (Mode: normal) I checked and we are, in fact, listed in CBL. I went through the steps to request removal. Is there anything else I should do? I'm really not sure how we got on it anyway. Does anyone know how long it takes? I've got several people hollering at me because anything they send out is being rejected as spam. Todd --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to imail...@declude.com, and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] mail server software
David - Is there still a discount for SM through Declude? Todd -Original Message- From: supp...@declude.com [mailto:supp...@declude.com] On Behalf Of David Barker Sent: Tuesday, February 03, 2009 9:05 AM To: declude.junkmail@declude.com Subject: RE: [Declude.JunkMail] mail server software Smartermail would be a good and easy solution, 1. You can transfer your current Declude license (provided you have a valid service agreement) 2. Has the features you need 3. 50 Domain 200 Users Enterprise version is only $449.10 from Declude 4. Used my many ex-IMail admins so lots of familiarity with SM product. David B -Original Message- From: supp...@declude.com [mailto:supp...@declude.com] On Behalf Of Craig Edmonds Sent: Tuesday, February 03, 2009 9:53 AM To: declude.junkmail@declude.com Subject: RE: [Declude.JunkMail] mail server software Why are you moving away from Imail? I hear Smarter Mail is quite good and integrates with declude. (i think you can also migrate from imail to smarter mail) http://www.smartertools.com/ I use imail myself. Kindest Regards Craig Edmonds 123 Marbella Internet Services W: www.123marbella.com E : cr...@123marbella.com -Original Message- From: supp...@declude.com [mailto:supp...@declude.com] On Behalf Of Bruce Loughlin Sent: 03 February 2009 15:45 To: declude.junkmail@declude.com Subject: [Declude.JunkMail] mail server software I am going to move from Imail soon. Does any one have any recommendations on reasonable Mail Server software. we need maybe 200 users, and we just pop our mail now. I have been using Workgroup Share to add calendar sharing etc to our current config. Has any one used their Mail Server software and what do you think of it? and will my junkmail still work with it? Thanks for any help. Bruce Loughlin --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to imail...@declude.com, and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to imail...@declude.com, and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to imail...@declude.com, and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to imail...@declude.com, and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] Spam
Hi Everyone - Over the past few days, I've been seeing spam come in with the "from" and "to" the same address. The address exists on our server only as an alias (an old IT person) and I am the recipient. Today I got an irate email from one of our customers who is getting the same thing (from her, to her). Unfortunately, she went and tried to unsubscribe on the links... My settings in my global.cfg file are: PREWHITELISTON WHITELIST AUTH Any thoughts on what we could do differently? Thanks for any suggestions! Todd --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Help with Regex
Good point, Matt. Thanks! Todd -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Matt Sent: Wednesday, October 29, 2008 1:07 PM To: declude.junkmail@declude.com Subject: Re: [Declude.JunkMail] Help with Regex Todd, There are 600,426,974,379,824,381,952 ways to spell "Viagra" (http://www.americanscientist.org/issues/pub/how-many-ways-can-you-spell-v1g ra/3) and likewise a similar number of ways to obfuscate other words with 6 letters. It is a better to target other aspects of the message and even the obfuscation techniques themselves than to attempt to go after the actual text. Matt Todd Richards wrote: > Hi Everyone - > > I'm seeing this come through a lot - "CH!l.D P.ORN and P!rate S0ftware". So > far, the spam filters are catching it ok based on all of the other filters > there. However, some of them are barely being caught and I'd like to make > sure they don't make it through. I threw a basic "CONTAINS" filter in for > an exact match, but I can already see them doing different things to make it > through. > > Any suggestions on a regular expression? > > Todd > > > > > --- > This E-mail came from the Declude.JunkMail mailing list. To > unsubscribe, just send an E-mail to [EMAIL PROTECTED], and > type "unsubscribe Declude.JunkMail". The archives can be found > at http://www.mail-archive.com. > > > --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] Help with Regex
Hi Everyone - I'm seeing this come through a lot - "CH!l.D P.ORN and P!rate S0ftware". So far, the spam filters are catching it ok based on all of the other filters there. However, some of them are barely being caught and I'd like to make sure they don't make it through. I threw a basic "CONTAINS" filter in for an exact match, but I can already see them doing different things to make it through. Any suggestions on a regular expression? Todd --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
RE: Re[2]: [Declude.JunkMail] Negative Weight an IP
Thanks Sandy. I will look into this. Before our move, we had our servers within Active Directory and had two internal DNS servers running. Now we have our "internet" servers in a DMZ and away from Active Directory. So some of this I'm learning as I go (not what you want to hear, I know!) Todd -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Sanford Whiteman Sent: Thursday, October 23, 2008 6:53 PM To: Todd Richards Subject: Re[2]: [Declude.JunkMail] Negative Weight an IP > I can easily get a REVDNS through my ISP. Not for your private IP range, you can't. > However, I'm not sure what I would get it as. Obviously my mail > server was easy (mail.domain.com). However, with a web server that > hosts many sites, do I have to have a REVDNS for each domain name? No, you decide the single most appropriate canonical hostname for the box and point the IP to that hostname. --Sandy Sanford Whiteman, Chief Technologist Broadleaf Systems, a division of Cypress Integrated Systems, Inc. e-mail: [EMAIL PROTECTED] SpamAssassin plugs into Declude! http://www.imprimia.com/products/software/freeutils/SPAMC32/download/release / Defuse Dictionary Attacks: Turn Exchange or IMail mailboxes into IMail Aliases! http://www.imprimia.com/products/software/freeutils/exchange2aliases/downloa d/release/ http://www.imprimia.com/products/software/freeutils/ldap2aliases/download/re lease/ --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Negative Weight an IP
Actually, it doesn't send just to the mail server. But I'm guessing that would be the best thing to do. I can easily get a REVDNS through my ISP. However, I'm not sure what I would get it as. Obviously my mail server was easy (mail.domain.com). However, with a web server that hosts many sites, do I have to have a REVDNS for each domain name? Todd -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Sanford Whiteman [Mobile] Sent: Thursday, October 23, 2008 5:15 PM To: declude.junkmail@declude.com Subject: Re: [Declude.JunkMail] Negative Weight an IP While any server doing direct delivery to remote MXs must have a PTR, I got the impression that Todd's box sends to the Declude box only, making the PTR somewhat more optional (until, of course, your anti-spam gateway looks for a PTR...). --Sandy --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Negative Weight an IP
Sandy, I guess that was a question that was on my mind. We've never had anything set up for the web server before - only the REVDNS for the mail server itself. Todd -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Sanford Whiteman Sent: Thursday, October 23, 2008 1:23 PM To: Todd Richards Subject: Re: [Declude.JunkMail] Negative Weight an IP > Thanks for your suggestions! Um, fix the PTR? --Sandy Sanford Whiteman, Chief Technologist Broadleaf Systems, a division of Cypress Integrated Systems, Inc. e-mail: [EMAIL PROTECTED] SpamAssassin plugs into Declude! http://www.imprimia.com/products/software/freeutils/SPAMC32/download/release / Defuse Dictionary Attacks: Turn Exchange or IMail mailboxes into IMail Aliases! http://www.imprimia.com/products/software/freeutils/exchange2aliases/downloa d/release/ http://www.imprimia.com/products/software/freeutils/ldap2aliases/download/re lease/ --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] Negative Weight an IP
Hello - After our move, email from our web server forms (sent via IIS SMTP) and server alerts is being caught. One of the things that it is failing on is the REVDNS. My thought was to counter the REVDNS with a negative weight on the IP address, but I'm not sure of the syntax to add to my "allow" filter. I would probably prefer not to whitelist the server, as bogus emails that come through tend to get caught. Thanks for your suggestions! Todd --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] DNS Changes
Hi Darrell - I do not have a DNSOVERRIDE in my declude.cfg file. I did change the DNS in the IMail Admin panel (under SMTP) to reflect my two new local DNS servers. Again, this will change as soon as I move my mail server to its new home. So at that point, I will need to make DNS changes again. Knowing this - what really is "best practice"? And with invURIBL, I modified its config file to use the local primary DNS server. Is that "best"? Todd -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Darrell ([EMAIL PROTECTED]) Sent: Wednesday, October 08, 2008 9:32 AM To: declude.junkmail@declude.com Subject: Re: [Declude.JunkMail] DNS Changes The diags.txt file is created as infomation whent he declude proc service is restarted. One thign you need to check is do you have a DNSOVERRIDE set in your declude.cfg file? Declude by default (as long as there is no DNSOVERRIDE) will use the IP of the DNS server in Imail Admin interface. Darrell -- Check out http://www.invariantsystems.com for utilities for Declude, Imail, mxGuard, and ORF. IMail/Declude Overflow Queue Monitoring, SURBL/URI integration, MRTG Integration, and Log Parsers. Todd Richards wrote: > Hi everyone - > > I moved my primary internal DNS server to a new location last night (seeing > up another site in the WAN), and had planned on using the other DNS servers. > However, since moving it my spam has been "high". I changed the DNS to the > other server in the "diags.txt", and the "invURIBL.exe.config" (for > invURIBL). That helped, but am still getting some more that I don't > normally get. I just realized that there was a setting in IMail Admin too, > so that just got changed. > > Anything else that you can think of that I need to check/change? > > Also, regarding the diags.txt and the invURIBL config files, is it possible > to set more than one DNS server? > > Thanks! > > Todd > > > > --- > This E-mail came from the Declude.JunkMail mailing list. To > unsubscribe, just send an E-mail to [EMAIL PROTECTED], and > type "unsubscribe Declude.JunkMail". The archives can be found > at http://www.mail-archive.com. > -- --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] DNS Changes
Thanks Linda. It does seem like the spam has gone down, but I will make the changes you suggested and see what happens. I appreciate the great support! Todd From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Linda Pagillo Sent: Tuesday, October 07, 2008 4:22 PM To: declude.junkmail@declude.com Subject: RE: [Declude.JunkMail] DNS Changes Todd, you can uncomment the line in the global.cfg and change the 127.0.0.1 to 208.67.220.220. Yes, my educated guess would be that your spam increase is directly related to the DNS server move. I suggest always using 208.67.220.220 because you will never have to rely on your internal DNS for Declude to run it's RBL tests properly. _ From: "Todd Richards" <[EMAIL PROTECTED]> Sent: Tuesday, October 07, 2008 5:03 PM To: declude.junkmail@declude.com Subject: RE: [Declude.JunkMail] DNS Changes Hi Linda - Thanks for that info. Actually, the DNS line in my global.cfg is listed as "#DNS 127.0.0.1", so it's commented out. It's probably been this way for a long time so what would that suggest? One other time when we saw an increase in spam, it had to do with the fact that my DNS server froze up. A reboot of the DNS server all but fixed it. So I assumed that this "increase" would also be related to DNS issues since I just moved my main DNS server. Should I uncomment it and use the DNS address that you suggested? My mail server will be moving to a new location soon as well, so I hate to set it all up to rely on an internal DNS server that won't be immediately available to it in the next week. Todd From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Linda Pagillo Sent: Tuesday, October 07, 2008 1:54 PM To: declude.junkmail@declude.com Subject: re: [Declude.JunkMail] DNS Changes Todd, changing the DNS in the actual diags.txt file will do nothing. This is just a text file that is generated from information in the .cfg files. In order to change the DNS that declude uses, you must add the following line to your global.cfg. file... DNS xxx.xxx.xxx.xxx Change the x's to the IP of your DNS server. Once you do this, delete your current diags.txt, restart the decludeproc service and a new diags.txt will be generated and your new DNS server will show in the diags.txt and it will be used within Declude. Also, we suggest that you use the following DNS server with Declude 208.67.220.220. This is an OpenDNS server and it is extremely reliable. _ From: "Todd Richards" <[EMAIL PROTECTED]> Sent: Tuesday, October 07, 2008 2:48 PM To: declude.junkmail@declude.com Subject: [Declude.JunkMail] DNS Changes Hi everyone - I moved my primary internal DNS server to a new location last night (seeing up another site in the WAN), and had planned on using the other DNS servers. However, since moving it my spam has been "high". I changed the DNS to the other server in the "diags.txt", and the "invURIBL.exe.config" (for invURIBL). That helped, but am still getting some more that I don't normally get. I just realized that there was a setting in IMail Admin too, so that just got changed. Anything else that you can think of that I need to check/change? Also, regarding the diags.txt and the invURIBL config files, is it possible to set more than one DNS server? Thanks! Todd --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] DNS Changes
Hi Linda - Thanks for that info. Actually, the DNS line in my global.cfg is listed as "#DNS 127.0.0.1", so it's commented out. It's probably been this way for a long time so what would that suggest? One other time when we saw an increase in spam, it had to do with the fact that my DNS server froze up. A reboot of the DNS server all but fixed it. So I assumed that this "increase" would also be related to DNS issues since I just moved my main DNS server. Should I uncomment it and use the DNS address that you suggested? My mail server will be moving to a new location soon as well, so I hate to set it all up to rely on an internal DNS server that won't be immediately available to it in the next week. Todd From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Linda Pagillo Sent: Tuesday, October 07, 2008 1:54 PM To: declude.junkmail@declude.com Subject: re: [Declude.JunkMail] DNS Changes Todd, changing the DNS in the actual diags.txt file will do nothing. This is just a text file that is generated from information in the .cfg files. In order to change the DNS that declude uses, you must add the following line to your global.cfg. file... DNS xxx.xxx.xxx.xxx Change the x's to the IP of your DNS server. Once you do this, delete your current diags.txt, restart the decludeproc service and a new diags.txt will be generated and your new DNS server will show in the diags.txt and it will be used within Declude. Also, we suggest that you use the following DNS server with Declude 208.67.220.220. This is an OpenDNS server and it is extremely reliable. _ From: "Todd Richards" <[EMAIL PROTECTED]> Sent: Tuesday, October 07, 2008 2:48 PM To: declude.junkmail@declude.com Subject: [Declude.JunkMail] DNS Changes Hi everyone - I moved my primary internal DNS server to a new location last night (seeing up another site in the WAN), and had planned on using the other DNS servers. However, since moving it my spam has been "high". I changed the DNS to the other server in the "diags.txt", and the "invURIBL.exe.config" (for invURIBL). That helped, but am still getting some more that I don't normally get. I just realized that there was a setting in IMail Admin too, so that just got changed. Anything else that you can think of that I need to check/change? Also, regarding the diags.txt and the invURIBL config files, is it possible to set more than one DNS server? Thanks! Todd --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] DNS Changes
Hi everyone - I moved my primary internal DNS server to a new location last night (seeing up another site in the WAN), and had planned on using the other DNS servers. However, since moving it my spam has been "high". I changed the DNS to the other server in the "diags.txt", and the "invURIBL.exe.config" (for invURIBL). That helped, but am still getting some more that I don't normally get. I just realized that there was a setting in IMail Admin too, so that just got changed. Anything else that you can think of that I need to check/change? Also, regarding the diags.txt and the invURIBL config files, is it possible to set more than one DNS server? Thanks! Todd --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] whitelist auth and spammer infested computer
Harry - When I upgraded a few years ago to the Declude "suite", it came with it and was running after install. In fact, it held up a "mass mailing" by one client and it took me a little bit to figure out what happened (I didn't fully understand what it was that I upgraded too!) So the first thing I guess you should do is make sure you actually have HiJack? Todd From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Harry vanderzand Sent: Tuesday, August 12, 2008 7:24 AM To: declude.junkmail@declude.com Subject: RE: [Declude.JunkMail] whitelist auth and spammer infested computer I have not implemented this before. Is there a sample cfg file? What and where can I get the scripts? I would like to get this set up right away and avoid this in the future Harry Vanderzand NEW ADDRESS Effective Jan 24, 2008 Intown Internet 117 Ruskview Road Kitchener, ON, N2M 4S1 519-741-1222 From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Todd Richards Sent: Monday, August 11, 2008 10:01 PM To: declude.junkmail@declude.com Subject: RE: [Declude.JunkMail] whitelist auth and spammer infested computer Hi Harry - HiJack will do what you need to here. I have two client's who send out mass emails (about 1000-1500) and HiJack stops it every time (it even stopped me once!). I have a script to check the "hold" directory for messages, and when I am alerted I simply go in and see whether or not they are legitimate. If they are, I can use the tool that Declude included to quickly move them back for processing. You can then add the person's IP to the available "bulk" senders. However, if their IP address changes (which has been the case for me) then that doesn't do much good either. Regardless, once I'm alerted I can usually login and approve the messages within a short amount of time. The client doesn't really know there was a hold up. Everything that has been stopped has been legitimate (knocking on wood) so I haven't had to test it on a real threat. But it's good to know that it does the job it should. Todd From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Harry vanderzand Sent: Monday, August 11, 2008 8:26 PM To: declude.junkmail@declude.com Subject: [Declude.JunkMail] whitelist auth and spammer infested computer I have a situation where a client's computer in their network got infected by a spammer and 100,000 email got send out over the weekend It sure caused a big mess. How can I prevent this when I am using "whitelist auth" or do I need to turn that off"? I have all the latest software from Declude Should I be using Declude Hijack? I do have a few clients that do legitimate mass mailings from time to time. Any help would be very appreciated. Harry Vanderzand NEW ADDRESS Effective Jan 24, 2008 Intown Internet 117 Ruskview Road Kitchener, ON, N2M 4S1 519-741-1222 --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] whitelist auth and spammer infested computer
Hi Harry - HiJack will do what you need to here. I have two client's who send out mass emails (about 1000-1500) and HiJack stops it every time (it even stopped me once!). I have a script to check the "hold" directory for messages, and when I am alerted I simply go in and see whether or not they are legitimate. If they are, I can use the tool that Declude included to quickly move them back for processing. You can then add the person's IP to the available "bulk" senders. However, if their IP address changes (which has been the case for me) then that doesn't do much good either. Regardless, once I'm alerted I can usually login and approve the messages within a short amount of time. The client doesn't really know there was a hold up. Everything that has been stopped has been legitimate (knocking on wood) so I haven't had to test it on a real threat. But it's good to know that it does the job it should. Todd From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Harry vanderzand Sent: Monday, August 11, 2008 8:26 PM To: declude.junkmail@declude.com Subject: [Declude.JunkMail] whitelist auth and spammer infested computer I have a situation where a client's computer in their network got infected by a spammer and 100,000 email got send out over the weekend It sure caused a big mess. How can I prevent this when I am using "whitelist auth" or do I need to turn that off"? I have all the latest software from Declude Should I be using Declude Hijack? I do have a few clients that do legitimate mass mailings from time to time. Any help would be very appreciated. Harry Vanderzand NEW ADDRESS Effective Jan 24, 2008 Intown Internet 117 Ruskview Road Kitchener, ON, N2M 4S1 519-741-1222 --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Overnight Spam Increase?
OK, that was it. I went onto my mail server and tried to ping my DNS server. No go. I rebooted my DNS server, flushed the cache from my mail server, then all was well. It looks like things are working again. Quick question - can I add a second DNS server (which I have) so that it looks there if the primary is unavailable? I never thought of that but I guess anytime I have to reboot the primary server, then I am effectively leaving the mail server "unprotected". Thanks, David! Todd -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of David Barker Sent: Thursday, July 10, 2008 2:01 PM To: declude.junkmail@declude.com Subject: RE: [Declude.JunkMail] Overnight Spam Increase? ISSUE: Spam is slipping past Declude that hasn't normally passed any filtering. Spam is not being weighted high enough for actionable thresholds to take effect. Place your LOGLEVEL in DEBUG, let it run for several minutes and then open the log. What we are trying to do is identify a possible DNS issue. Packets not making it to the DNS server or not making it back from the DNS server can be an issue if you are running Declude Security Suite. The reason is we rely heavily on these queries to be successfully resolved in order to trigger certain test and assign spam a high enough weight. If you see the following in the log, find out where these queries are going because they aren't getting back to the application. 02/07/2007 13:48:34.640 35958831 Test #2 [ADNSBL] didn't get a response 02/07/2007 13:48:34.640 35958831 Test #3 [BLITZEDALL] didn't get a response 02/07/2007 13:48:34.640 35958831 Test #4 [CBL] didn't get a response 02/07/2007 13:48:34.640 35958831 Test #5 [CSMA-SBL] didn't get a response 02/07/2007 13:48:34.640 35958831 Test #6 [DSBL-CONFIRMED] didn't get a response 02/07/2007 13:48:34.640 35958831 Test #7 [FIVETEN-SRC] didn't get a response 02/07/2007 13:48:34.640 35958831 Test #7 [FIVETEN-SRC]didn't get a response 02/07/2007 13:48:34.640 35958831 Test #8 [JAMMDNSBL] didn't get a response 02/07/2007 13:48:34.640 35958831 Test #9 [INTERSIL] didn't get a response 02/07/2007 13:48:34.640 35958831 Test #10 [IPWHOIS] didn't get a response 02/07/2007 13:48:34.640 35958831 Test #11 [IMP-SPAM] didn't get a response 02/07/2007 13:48:34.640 35958831 Test #12 [MXRATE-BLOCK] didn't get a response 02/07/2007 13:48:34.640 35958831 Test #12 [MXRATE-BLOCK] didn't get a response 02/07/2007 13:48:34.640 35958831 Test #12 [MXRATE-BLOCK] didn't get a response 02/07/2007 13:48:34.640 35958831 Test #14 [NJABL] is same as Test #14 [NJABL=127.0.0.2]. Answer=? 02/07/2007 13:48:34.640 35958831 Test #15 [SBL] didn't get a response 02/07/2007 13:48:34.640 35958831 Test #16 [SORBS-HTTP] didn't get a response 02/07/2007 13:48:34.640 35958831 Test #16 [SORBS-HTTP] didn't get a response 02/07/2007 13:48:34.640 35958831 Test #16 [SORBS-HTTP] didn't get a response RESOLUTION: Check your diags.txt, if you see an IP address next to the DNS field and you see the above in your DEBUG log, that DNS server has either stopped responding or connectivity has been lost between the email server and the DNS machine. If no IP address has been identified in this field then Declude is having an issue reading it from your mail server itself. Open up your Global.cfg and specify an alternate address to another DNS server next to the DNS directive near the top of the file. Make sure to save your file, rename or delete the old DEBUG log and start a new one. You should see that these "didn't get a response" goes away. If you do not have an alternate DNS server try use the following. DNS 208.67.222.222 Also check your firewall to make sure it is not blocking DNS queries. David B -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Todd Richards Sent: Thursday, July 10, 2008 11:05 AM To: declude.junkmail@declude.com Subject: RE: [Declude.JunkMail] Overnight Spam Increase? Hmm, this is new to me. An internal DNS issue or external (which we host with DNSMadeEasy)? This just started so I'm not sure where to look for resolution. Thanks, Todd -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of David Barker Sent: Thursday, July 10, 2008 9:11 AM To: declude.junkmail@declude.com Subject: RE: [Declude.JunkMail] Overnight Spam Increase? Looks like you are having a DNS problem, this email never scored any RBL's yet when checking the IP it failed several. Failed: SPAMCOP HOSTKARMA SENDERSCORE UBL UCEPROTECTL2 UCEPROTECTL3 CASA-CBL+ CASA-CBL- SORBS-WEB SPAMHAUS PBL2 David B -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Todd Richards Sent: Thursday, July 10, 2008 9:16 AM To: declude.junkmail@declude.com Subject: RE: [Declude.JunkMail] Overnight Spam Increase? Thanks D
RE: [Declude.JunkMail] Overnight Spam Increase?
Hmm, this is new to me. An internal DNS issue or external (which we host with DNSMadeEasy)? This just started so I'm not sure where to look for resolution. Thanks, Todd -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of David Barker Sent: Thursday, July 10, 2008 9:11 AM To: declude.junkmail@declude.com Subject: RE: [Declude.JunkMail] Overnight Spam Increase? Looks like you are having a DNS problem, this email never scored any RBL's yet when checking the IP it failed several. Failed: SPAMCOP HOSTKARMA SENDERSCORE UBL UCEPROTECTL2 UCEPROTECTL3 CASA-CBL+ CASA-CBL- SORBS-WEB SPAMHAUS PBL2 David B -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Todd Richards Sent: Thursday, July 10, 2008 9:16 AM To: declude.junkmail@declude.com Subject: RE: [Declude.JunkMail] Overnight Spam Increase? Thanks David. What I'm seeing is legitimate spam that while it is going through Declude - most is marked as spam - it's not scoring quite high enough to get held. Normally my Junk E-mail folder in Outlook (used to catch what little does make it through) has about 10 from the evening before. This morning, I had 140 in there. The strange part is that it looks like "old school" spam - credit card stuff, meds, etc. But when I look at the headers I can see it is going through the filters. Below is an example of one such emails, with the header information before the body. (note my hold weight is at 19) Todd HEADER ** Received: from [79.186.114.208] [79.186.114.208] by mail.nnepa.com with ESMTP (SMTPD-8.22) id A25D01E4; Wed, 09 Jul 2008 23:38:53 -0500 Message-ID: <[EMAIL PROTECTED]> From: "giraud bryan" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Subject: **SPAM**credit history Date: Thu, 10 Jul 2008 02:51:27 + MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2900.3138 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.3198 X-invURIBL-Scan: Scanned by invURIBL 3.1.1 on 7/9/2008 11:40:06 PM X-invURIBL-Weight: 0 X-invURIBL-Range: CLEAN X-RBL-Warning: SNIFFER: Message failed SNIFFER: 58. X-RBL-Warning: FILTER-COUNTRY: Message failed FILTER-COUNTRY test (line 174, weight 0) X-RBL-Warning: WEIGHT10: Weight of 18 reaches or exceeds the limit of 10. X-Declude-Sender: [EMAIL PROTECTED] [79.186.114.208] X-Declude-Spoolname: D925c01be747b.smd X-Declude-RefID: str=0001.0A010202.4875276F.00B8,ss=4,sh,fgs=0 X-Declude-Note: Scanned by Declude 4.3.64 for spam. "http://www.declude.com/x-note.htm"; X-Declude-Scan: Incoming Score [18] at 23:40:14 on 09 Jul 2008 X-Declude-Tests: SNIFFER [18], FILTER-COUNTRY [0], WEIGHT10 [10], WEIGHT15 [15], ZEROHOUR [0] X-Country-Chain: POLAND->destination X-Declude-Code: f X-Helo: [79.186.114.208] X-RCPT-TO: <[EMAIL PROTECTED]> Status: U X-UIDL: 515451365 X-IMail-ThreadID: 925c01be747b BODY ** Do Not consolidate your debt Eliminate it! Legally ELIMINATE your credit card and other unsecured debt * WITHOUT ever making another payment to your creditors * WITHOUT it affecting your credit long-term * WITHOUT confrontation Visit www.joinedtodayi.com This IS NOT: * Bankruptcy * Consolidation * Or refinancing of any kind Visit here www.joinedtodayi.com to learn how * Must have a minimum of $10K in combined household unsecured debt to apply. * Must be a US resident. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of David Barker Sent: Wednesday, July 09, 2008 2:24 PM To: declude.junkmail@declude.com Subject: RE: [Declude.JunkMail] Overnight Spam Increase? We got slammed at about 9 am EST time today, causing delays, most of the increase looks like backscatter. David B -----Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Todd Richards Sent: Wednesday, July 09, 2008 11:47 AM To: declude.junkmail@declude.com Subject: [Declude.JunkMail] Overnight Spam Increase? Hi Everyone - There was an unusually high increase in the amount of spam for me to review when I got to the office this morning, and more making it through to my email than usual (still scanned and marked appropriately). Is anyone else seeing this? Todd --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubs
RE: [Declude.JunkMail] Overnight Spam Increase?
Thanks David. What I'm seeing is legitimate spam that while it is going through Declude - most is marked as spam - it's not scoring quite high enough to get held. Normally my Junk E-mail folder in Outlook (used to catch what little does make it through) has about 10 from the evening before. This morning, I had 140 in there. The strange part is that it looks like "old school" spam - credit card stuff, meds, etc. But when I look at the headers I can see it is going through the filters. Below is an example of one such emails, with the header information before the body. (note my hold weight is at 19) Todd HEADER ** Received: from [79.186.114.208] [79.186.114.208] by mail.nnepa.com with ESMTP (SMTPD-8.22) id A25D01E4; Wed, 09 Jul 2008 23:38:53 -0500 Message-ID: <[EMAIL PROTECTED]> From: "giraud bryan" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Subject: **SPAM**credit history Date: Thu, 10 Jul 2008 02:51:27 + MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2900.3138 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.3198 X-invURIBL-Scan: Scanned by invURIBL 3.1.1 on 7/9/2008 11:40:06 PM X-invURIBL-Weight: 0 X-invURIBL-Range: CLEAN X-RBL-Warning: SNIFFER: Message failed SNIFFER: 58. X-RBL-Warning: FILTER-COUNTRY: Message failed FILTER-COUNTRY test (line 174, weight 0) X-RBL-Warning: WEIGHT10: Weight of 18 reaches or exceeds the limit of 10. X-Declude-Sender: [EMAIL PROTECTED] [79.186.114.208] X-Declude-Spoolname: D925c01be747b.smd X-Declude-RefID: str=0001.0A010202.4875276F.00B8,ss=4,sh,fgs=0 X-Declude-Note: Scanned by Declude 4.3.64 for spam. "http://www.declude.com/x-note.htm"; X-Declude-Scan: Incoming Score [18] at 23:40:14 on 09 Jul 2008 X-Declude-Tests: SNIFFER [18], FILTER-COUNTRY [0], WEIGHT10 [10], WEIGHT15 [15], ZEROHOUR [0] X-Country-Chain: POLAND->destination X-Declude-Code: f X-Helo: [79.186.114.208] X-RCPT-TO: <[EMAIL PROTECTED]> Status: U X-UIDL: 515451365 X-IMail-ThreadID: 925c01be747b BODY ** Do Not consolidate your debt Eliminate it! Legally ELIMINATE your credit card and other unsecured debt * WITHOUT ever making another payment to your creditors * WITHOUT it affecting your credit long-term * WITHOUT confrontation Visit www.joinedtodayi.com This IS NOT: * Bankruptcy * Consolidation * Or refinancing of any kind Visit here www.joinedtodayi.com to learn how * Must have a minimum of $10K in combined household unsecured debt to apply. * Must be a US resident. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of David Barker Sent: Wednesday, July 09, 2008 2:24 PM To: declude.junkmail@declude.com Subject: RE: [Declude.JunkMail] Overnight Spam Increase? We got slammed at about 9 am EST time today, causing delays, most of the increase looks like backscatter. David B -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Todd Richards Sent: Wednesday, July 09, 2008 11:47 AM To: declude.junkmail@declude.com Subject: [Declude.JunkMail] Overnight Spam Increase? Hi Everyone - There was an unusually high increase in the amount of spam for me to review when I got to the office this morning, and more making it through to my email than usual (still scanned and marked appropriately). Is anyone else seeing this? Todd --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] Overnight Spam Increase?
Hi Everyone - There was an unusually high increase in the amount of spam for me to review when I got to the office this morning, and more making it through to my email than usual (still scanned and marked appropriately). Is anyone else seeing this? Todd --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Undeliverable mails
Hi Linda - Is this filter the same one that is on the website? I have seen and downloaded it, but have not implemented it yet. Todd From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Linda Pagillo Sent: Monday, April 28, 2008 12:48 AM To: declude.junkmail@declude.com Subject: re: [Declude.JunkMail] Undeliverable mails Glen, this is an ongoing problem lately. Backscatter is at an all time high. I have a filter that will stop this. Could you please send me a copy of your global.cfg file? _ From: "Cybercorp Computers -- Glen Spidal" <[EMAIL PROTECTED]> Sent: Sunday, April 27, 2008 10:06 PM To: declude.junkmail@declude.com Subject: [Declude.JunkMail] Undeliverable mails I'm on imail 9 with declude. I have users sending coments like this: We just got hit with something big- you might want to check things out. I received 28 delivery failure notices- postmaster dameon. in 2 minutes! Didn't open anything- just was looking to see if I had any new mail. I notice the spam folder also contains them! I had one user get 600 of these in two days. Any advice? Glen Spidal Hillsboro, Oregon 97123 PH: 503-648-1133 -- FX: 503-648-4651 [EMAIL PROTECTED] www.cybercorpinc.com <http://www.cybercorpinc.com/> --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Forged-Spam Backscatter
Jim - I'm running the exact same set up as you are. We had the same problem about two weeks ago. I don't know if this made much difference or not, but I noticed the domains that we were seeing this with did not have any SPF records in place. So when I saw this sudden increase come through, I added a strict SPF policy for that domain. The backscatter for that domain all but stopped. A few days later, a different domain was targeted - without an SPF record - and adding one seemed to cure that. This happened a few more times, with the results all the same. I'm not at an expert level to say whether this did or did not do the trick. Perhaps it was just coincidental. All the new domains that are set up and running services through us get strict SPF records put in place from the start. However, the older domains that have been around for a while - that didn't have SPF in place - were the ones that seemed to have had the problem. And since then, we haven't had any more problems with that. I can't say for sure that them having their email addresses on their websites was the problem for sure or not. For what it's worth, my "new" policy is to not put email addresses on public websites. Anyway, just thought I would throw that out there. Todd From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jim Comerford Sent: Thursday, April 03, 2008 1:46 PM To: declude.junkmail@declude.com Subject: [Declude.JunkMail] Forged-Spam Backscatter Over the last several weeks we have seen a dramatic increase in spam hitting our server. From about 70,000 mails a day to around 110,000 /day. Most destined for our users is getting properly filtered by declude. What is getting thru is backscatter from spam that is forging addresses from domains we host. It seems just about any address that is posted on a website seems to be being used to forge outgoing spam (not from our server) -- and is generating all sorts of bounce messages. I suspect there is not much I can do to block this backscatter without blocking legit bounce messages... but I thought I'd ask. Here is our config: Imail 8.22 Declude 4.3.64 invURIBL 3.1.1 Sniffer --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Reasons to renew
I totally agree with Dan’s email. Declude has been working great for us, so it’s money well spent. On the other hand, our IMail SA just expired, which cost us close to $1000 a year and a half ago, and I was never satisfied to the point where I could upgrade. So that amounted to worthless money spent. I’m pretty comfortable when David says an update is available that it really is ready. The support – esp. Linda – has been fantastic. Our SA with Declude is up in June. I have every intention of renewing. Todd From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dan Shadix Sent: Wednesday, April 02, 2008 1:50 PM To: declude.junkmail@declude.com Subject: RE: [Declude.JunkMail] Reasons to renew I, for one, like infrequent but solid updates. I don’t have time to be constantly installing and testing updates, especially if they are problematic. Also, Declude is the only affordable anti-virus / anti-spam e-mail solution that I’ve encountered. I haven’t really been looking lately but the others that I’ve seen were a lot more expensive. Everyone has to choose the product that works for them. Declude works for me. Dan From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of David Barker Sent: Wednesday, April 02, 2008 11:58 AM To: declude.junkmail@declude.com Subject: RE: [Declude.JunkMail] Reasons to renew Kevin, Every effort has been made to ensure that major releases are problem free, this has been the reason for the delay in major releases, however if you notice that between major releases we make available several interim releases just as Scott had done in the past. Reasons for Service Agreement renewal 1. Unlimited telephone and email support 2. AVG virus signatures for 12 months 3. ZEROHOUR updates for 12 months (After initial activation) 4. Any release of the software during 12 months 5. Upgrades and releases of new files like all_list.dat etc. 6. Access to Declude filter updates 7. Maintenance of a continued SA is required by our T&S which means if you lapse you can be charged the extra difference to be brought up to date. 8. Last but not least a team that is dedicated to it’s customers. 9. NOWHERE can you get this for the price you pay as a perpetual license customer. If you do have an alternative that can compare feel free to post it. As for the ZEROHOUR the way it was implemented was different to the other tests so it is on our dev list but not with a high priority other items that come before it are things like integration with the new message sniffer dll in development. A new test being evaluated called FST. Compatibility with SM 5.x – Compatibility with IMAIL 10.x etc etc. David Barker VP Operations Declude Your Email security is our business 978.499.2933 x 7007 office 978.988.1311 fax [EMAIL PROTECTED] From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Kevin Bilbee Sent: Wednesday, April 02, 2008 1:14 PM To: declude.junkmail@declude.com Subject: [Declude.JunkMail] Reasons to renew After seeing Matt’s post here about not renewing his JunkMail subscription. I’m asking Declude to respond to the group as to why any of us with perpetual licensing. Our SA expires soon and I would like to know the value of renewing. The updates to Declude have been extremely slow and in some cases painful since Scott sold out. Any idea when ZEROHOUR will be available for use in %TESTSFAILED% Kevin Bilbee Network Administrator Standard Abrasives 3M Simi Valley [EMAIL PROTECTED] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
RE: AW: AW: [Declude.JunkMail] Hardware upgrade -Software Crossgrade?
Thanks Matt. I agree, and I appreciate the feedback. Todd From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Matt Sent: Tuesday, March 11, 2008 2:06 PM To: declude.junkmail@declude.com Subject: Re: AW: AW: [Declude.JunkMail] Hardware upgrade -Software Crossgrade? Todd, My response really had nothing to do with you, but was my reaction to SmarterTools and how they have gone past the limit of what the bulk of the market is willing to pay. They could still increase revenues in other ways, such as pushing software upgrade agreements at lower prices, pushing out new fantastic functionality that everyone will want to have, and actually marketing the availability of these things instead of expecting their customers to always come to them. They could make up in volume that they would be losing in gross profit. So because they are boneheads, we are paying more and more. My "upgrade" this year will cost nearly as much as my full version did before. Those are sharp increases in price, and need I not remind everyone what happened to Ipswitch's business when they pulled this stunt? Matt Todd Richards wrote: Matt - I'm not arguing, but simply asking as I'm looking at moving to SM. Our license with Ipswitch is 3x that of the same version of SM. The service agreement that we purchased - but never used (because I never had enough faith in the new version of IMail) is almost twice the cost of purchasing SM new. From what I've heard from everyone I've talked to, SM actually works, so the support calls are minimal anyway. You do get free updates within the version. So if once a year I have to buy the newest version at 65% of the retail, which is still much cheaper than Imail, I'm not sure what the difference is? My SA with Imail actually just expired as I haven't had a chance to test SM yet. So my dilemma is do I renew my Imail SA at almost $1000,so I can continue running 8.22, or purchase a brand new version of SM for half that through Declude, and have the features that work that we've been waiting for? As for the software protection, I was working with a rep from SmarterMail at the start of February. He informed me right then and there that they were planning a release at the end of Q1, and that I would get the new update. Doing the math, that is almost 45 days on the bat. So either they actually keep their promises (unlike Ipswitch) or they would have stretched that time to take care of me. Again, maybe I'm missing something so this wasn't to start an argument. And I apologize for continuing the OT email. Todd From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Matt Sent: Monday, March 10, 2008 5:17 PM To: declude.junkmail@declude.com Subject: Re: AW: AW: [Declude.JunkMail] Hardware upgrade -Software Crossgrade? Wow. One thing immediately pops into my head...these people are greedy as hell! Prices continue to rise with each successive version, and they continue this odd behavior of not selling software subscriptions, but instead charging 65% of the original price for upgrades. This might be all fine and dandy except for the fact that they are on a one-year upgrade cycle, they stop updating previous versions, and you don't get a support contract with your purchase. Of course this flies in the face of the reality of the market where hosting is heavily commoditized and only getting worse. SmarterMail works well, but it's a shame that they don't understand the economies of their customers, and that works against them. I would definitely argue that by not offering a software subscription at a reasonable and standard market rate of 30% of full retail price, they fail to capture a good deal of upgrade potential and therefore upgrade revenue, and they lose goodwill by having fewer customers due to this pricing. They also lose customers by only offering 45 days (formerly 30 days) of protection for new purchases, so anyone thinking about buying it now would be better off waiting for the release just to guarantee that they weren't stuck on an unsupported version of the product. That's hugely boneheaded of them. So it would be close to a wash in revenue to do something as typical and expected as to have a software subscription for a standard market rate. Matt --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
RE: AW: AW: [Declude.JunkMail] Hardware upgrade -Software Crossgrade?
Agreed 100%! J Todd From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Craig Edmonds Sent: Tuesday, March 11, 2008 9:07 AM To: declude.junkmail@declude.com Subject: RE: AW: AW: [Declude.JunkMail] Hardware upgrade -Software Crossgrade? Better the devil you know. Make sure smartermail works for you before switching. Kindest Regards Craig Edmonds 123 Marbella Internet www.123marbella.net From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Todd Richards Sent: 11 March 2008 15:00 To: declude.junkmail@declude.com Subject: RE: AW: AW: [Declude.JunkMail] Hardware upgrade -Software Crossgrade? Matt - I'm not arguing, but simply asking as I'm looking at moving to SM. Our license with Ipswitch is 3x that of the same version of SM. The service agreement that we purchased - but never used (because I never had enough faith in the new version of IMail) is almost twice the cost of purchasing SM new. From what I've heard from everyone I've talked to, SM actually works, so the support calls are minimal anyway. You do get free updates within the version. So if once a year I have to buy the newest version at 65% of the retail, which is still much cheaper than Imail, I'm not sure what the difference is? My SA with Imail actually just expired as I haven't had a chance to test SM yet. So my dilemma is do I renew my Imail SA at almost $1000,so I can continue running 8.22, or purchase a brand new version of SM for half that through Declude, and have the features that work that we've been waiting for? As for the software protection, I was working with a rep from SmarterMail at the start of February. He informed me right then and there that they were planning a release at the end of Q1, and that I would get the new update. Doing the math, that is almost 45 days on the bat. So either they actually keep their promises (unlike Ipswitch) or they would have stretched that time to take care of me. Again, maybe I'm missing something so this wasn't to start an argument. And I apologize for continuing the OT email. Todd From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Matt Sent: Monday, March 10, 2008 5:17 PM To: declude.junkmail@declude.com Subject: Re: AW: AW: [Declude.JunkMail] Hardware upgrade -Software Crossgrade? Wow. One thing immediately pops into my head...these people are greedy as hell! Prices continue to rise with each successive version, and they continue this odd behavior of not selling software subscriptions, but instead charging 65% of the original price for upgrades. This might be all fine and dandy except for the fact that they are on a one-year upgrade cycle, they stop updating previous versions, and you don't get a support contract with your purchase. Of course this flies in the face of the reality of the market where hosting is heavily commoditized and only getting worse. SmarterMail works well, but it's a shame that they don't understand the economies of their customers, and that works against them. I would definitely argue that by not offering a software subscription at a reasonable and standard market rate of 30% of full retail price, they fail to capture a good deal of upgrade potential and therefore upgrade revenue, and they lose goodwill by having fewer customers due to this pricing. They also lose customers by only offering 45 days (formerly 30 days) of protection for new purchases, so anyone thinking about buying it now would be better off waiting for the release just to guarantee that they weren't stuck on an unsupported version of the product. That's hugely boneheaded of them. So it would be close to a wash in revenue to do something as typical and expected as to have a software subscription for a standard market rate. Matt --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
RE: AW: AW: [Declude.JunkMail] Hardware upgrade -Software Crossgrade?
Matt - I'm not arguing, but simply asking as I'm looking at moving to SM. Our license with Ipswitch is 3x that of the same version of SM. The service agreement that we purchased - but never used (because I never had enough faith in the new version of IMail) is almost twice the cost of purchasing SM new. From what I've heard from everyone I've talked to, SM actually works, so the support calls are minimal anyway. You do get free updates within the version. So if once a year I have to buy the newest version at 65% of the retail, which is still much cheaper than Imail, I'm not sure what the difference is? My SA with Imail actually just expired as I haven't had a chance to test SM yet. So my dilemma is do I renew my Imail SA at almost $1000,so I can continue running 8.22, or purchase a brand new version of SM for half that through Declude, and have the features that work that we've been waiting for? As for the software protection, I was working with a rep from SmarterMail at the start of February. He informed me right then and there that they were planning a release at the end of Q1, and that I would get the new update. Doing the math, that is almost 45 days on the bat. So either they actually keep their promises (unlike Ipswitch) or they would have stretched that time to take care of me. Again, maybe I'm missing something so this wasn't to start an argument. And I apologize for continuing the OT email. Todd From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Matt Sent: Monday, March 10, 2008 5:17 PM To: declude.junkmail@declude.com Subject: Re: AW: AW: [Declude.JunkMail] Hardware upgrade -Software Crossgrade? Wow. One thing immediately pops into my head...these people are greedy as hell! Prices continue to rise with each successive version, and they continue this odd behavior of not selling software subscriptions, but instead charging 65% of the original price for upgrades. This might be all fine and dandy except for the fact that they are on a one-year upgrade cycle, they stop updating previous versions, and you don't get a support contract with your purchase. Of course this flies in the face of the reality of the market where hosting is heavily commoditized and only getting worse. SmarterMail works well, but it's a shame that they don't understand the economies of their customers, and that works against them. I would definitely argue that by not offering a software subscription at a reasonable and standard market rate of 30% of full retail price, they fail to capture a good deal of upgrade potential and therefore upgrade revenue, and they lose goodwill by having fewer customers due to this pricing. They also lose customers by only offering 45 days (formerly 30 days) of protection for new purchases, so anyone thinking about buying it now would be better off waiting for the release just to guarantee that they weren't stuck on an unsupported version of the product. That's hugely boneheaded of them. So it would be close to a wash in revenue to do something as typical and expected as to have a software subscription for a standard market rate. Matt --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] Delay between recipients setting
Anyone using the "Delay between recipients" in SMTP Advanced. Does this affect Authenticated users? We have one client that sends a mailout weekly of about 20k messages during the middle of the day and it tends to load the server for an hour or two. Would this throttle his inbound connects so that they come in at a slower rate even if he is authenticated? Any down side to using this setting and what would be a good recommended setting? Todd Hunter Smart Mail --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] New PDF worm?
Thanks Darin. I have adjusted for me, and will see what happens. Todd _ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Darin Cox Sent: Tuesday, August 07, 2007 9:02 PM To: declude.junkmail@declude.com Subject: Re: [Declude.JunkMail] New PDF worm? I whipped this up mid afternoon, and it's catching them for us. An earlier version this morning didn't catch the entire campaign. - MINWEIGHTTOFAIL 23 SKIPIFWEIGHT 250 REVDNS END ENDSWITH .smarsh.com HEADERS 10 CONTAINS X-Mailer: Microsoft Outlook Express 6.00.2900.3138 BODY 1 CONTAINS BODY 1 CONTAINS BODY 1 CONTAINS BODY 1 CONTAINS BODY 1 CONTAINS BODY 10 CONTAINS Content-Type: application/pdf; - My delete weight is 250, so I skip if it has already reached that weight. Smarsh sends one of our customers a lot of PDFs, so I made sure their emails wouldn't trigger this. There are liable to be FPs, so I would weight this enough to hold, but not to delete. Darin. - Original Message ----- From: Todd Richards <mailto:[EMAIL PROTECTED]> To: declude.junkmail@declude.com Sent: Tuesday, August 07, 2007 9:39 PM Subject: RE: [Declude.JunkMail] New PDF worm? I received one right away too. It did trigger, but with a weight of 5 it wasn't enough to stop it from making it through. On the flip side, you have to be careful that you don't stop legitimate PDF files. Kind of a tough one... Todd _ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dave Beckstrom Sent: Tuesday, August 07, 2007 8:02 PM To: declude.junkmail@declude.com Subject: RE: [Declude.JunkMail] New PDF worm? It didn't work. _ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Todd Richards Sent: Tuesday, August 07, 2007 6:39 PM To: declude.junkmail@declude.com Subject: RE: [Declude.JunkMail] New PDF worm? Thanks David. We'll (ok, I'll) give it a whirl! Todd _ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of David Barker Sent: Tuesday, August 07, 2007 6:23 PM To: declude.junkmail@declude.com Subject: RE: [Declude.JunkMail] New PDF worm? Ok this should hold it over till I can look at it some more tomorrow. David From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of David Barker Sent: Tuesday, August 07, 2007 6:45 PM To: declude.junkmail@declude.com Subject: RE: [Declude.JunkMail] New PDF worm? This is not an easy one I will see what I can get done before I leave today. From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dave Beckstrom Sent: Tuesday, August 07, 2007 5:25 PM To: declude.junkmail@declude.com Subject: RE: [Declude.JunkMail] New PDF worm? David, I just sent you a bunch of samples. If you can update the filter before you knock off for the day I'd appreciate it. We've probably had 50 of them get through already today. Thanks, Dave _ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of David Barker Sent: Tuesday, August 07, 2007 4:03 PM To: declude.junkmail@declude.com Subject: RE: [Declude.JunkMail] New PDF worm? >From reports today looks like the filter needs to be updated. Can you send me some examples as attachments. David B From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dave Beckstrom Sent: Tuesday, August 07, 2007 3:15 PM To: declude.junkmail@declude.com Subject: RE: [Declude.JunkMail] New PDF worm? I installed the filter below and we've had about 50 PDFs that came through today. Does the filter need to be revised or is there some other method I should be looking into using? Thanks! Dave _ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of David Barker Sent: Monday, July 02, 2007 12:35 PM To: declude.junkmail@declude.com Subject: RE: [Declude.JunkMail] New PDF worm? Create a filter eg FILTER-PDF.txt and use the following lines. Adjust your weights accordingly. Also ensure you are running Declude 4.3.46 BODY 3 PCRE (JVBERi0xLjMgCjEgMCBvYmoKPDwKPj4KZW5kb2JqCjIgMCBvYmo) BODY 5 PCRE (-+[0-9]+\r\n(?:[a-zA-Z\-]+: [^\r]+\r\n)+(?:\r\n){1,}-+[0-9]+\r\n(?:[a-zA-Z\-]+: [^\r]+\r\n)*Content-Type: application/pdf;) From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Katie LaSalle-Lowery Sent: Monday, July 02, 2007 1:28 PM To: declude.junkmail@declude.com Subject: RE: [Declude.JunkMail] New PDF worm? We've been suffering .pdf spam getting through the filter. What settings are you using that's identifying these as spam? We're seeing an overall increase in spam getting through the filter the last few weeks... Thanks, Katie _ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of SJ.Stanaitis Sent: Wednesday, June 27, 2007 9:17 AM To: declude.junkmail@declude.c
RE: [Declude.JunkMail] New PDF worm?
I received one right away too. It did trigger, but with a weight of 5 it wasn't enough to stop it from making it through. On the flip side, you have to be careful that you don't stop legitimate PDF files. Kind of a tough one... Todd _ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dave Beckstrom Sent: Tuesday, August 07, 2007 8:02 PM To: declude.junkmail@declude.com Subject: RE: [Declude.JunkMail] New PDF worm? It didn't work. _ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Todd Richards Sent: Tuesday, August 07, 2007 6:39 PM To: declude.junkmail@declude.com Subject: RE: [Declude.JunkMail] New PDF worm? Thanks David. We'll (ok, I'll) give it a whirl! Todd _ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of David Barker Sent: Tuesday, August 07, 2007 6:23 PM To: declude.junkmail@declude.com Subject: RE: [Declude.JunkMail] New PDF worm? Ok this should hold it over till I can look at it some more tomorrow. David From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of David Barker Sent: Tuesday, August 07, 2007 6:45 PM To: declude.junkmail@declude.com Subject: RE: [Declude.JunkMail] New PDF worm? This is not an easy one I will see what I can get done before I leave today. From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dave Beckstrom Sent: Tuesday, August 07, 2007 5:25 PM To: declude.junkmail@declude.com Subject: RE: [Declude.JunkMail] New PDF worm? David, I just sent you a bunch of samples. If you can update the filter before you knock off for the day I'd appreciate it. We've probably had 50 of them get through already today. Thanks, Dave _ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of David Barker Sent: Tuesday, August 07, 2007 4:03 PM To: declude.junkmail@declude.com Subject: RE: [Declude.JunkMail] New PDF worm? >From reports today looks like the filter needs to be updated. Can you send me some examples as attachments. David B From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dave Beckstrom Sent: Tuesday, August 07, 2007 3:15 PM To: declude.junkmail@declude.com Subject: RE: [Declude.JunkMail] New PDF worm? I installed the filter below and we've had about 50 PDFs that came through today. Does the filter need to be revised or is there some other method I should be looking into using? Thanks! Dave _ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of David Barker Sent: Monday, July 02, 2007 12:35 PM To: declude.junkmail@declude.com Subject: RE: [Declude.JunkMail] New PDF worm? Create a filter eg FILTER-PDF.txt and use the following lines. Adjust your weights accordingly. Also ensure you are running Declude 4.3.46 BODY 3 PCRE (JVBERi0xLjMgCjEgMCBvYmoKPDwKPj4KZW5kb2JqCjIgMCBvYmo) BODY 5 PCRE (-+[0-9]+\r\n(?:[a-zA-Z\-]+: [^\r]+\r\n)+(?:\r\n){1,}-+[0-9]+\r\n(?:[a-zA-Z\-]+: [^\r]+\r\n)*Content-Type: application/pdf;) From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Katie LaSalle-Lowery Sent: Monday, July 02, 2007 1:28 PM To: declude.junkmail@declude.com Subject: RE: [Declude.JunkMail] New PDF worm? We've been suffering .pdf spam getting through the filter. What settings are you using that's identifying these as spam? We're seeing an overall increase in spam getting through the filter the last few weeks... Thanks, Katie _ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of SJ.Stanaitis Sent: Wednesday, June 27, 2007 9:17 AM To: declude.junkmail@declude.com Subject: [Declude.JunkMail] New PDF worm? I'm getting gobs of PDF's snagged in my antispam filter, they're not triggering any AV yet, anyone else seeing this? SJ.Stanaitis - Network Administrator Decorative Product Source, Inc. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EM
RE: [Declude.JunkMail] New PDF worm?
Thanks David. We'll (ok, I'll) give it a whirl! Todd _ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of David Barker Sent: Tuesday, August 07, 2007 6:23 PM To: declude.junkmail@declude.com Subject: RE: [Declude.JunkMail] New PDF worm? Ok this should hold it over till I can look at it some more tomorrow. David From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of David Barker Sent: Tuesday, August 07, 2007 6:45 PM To: declude.junkmail@declude.com Subject: RE: [Declude.JunkMail] New PDF worm? This is not an easy one I will see what I can get done before I leave today. From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dave Beckstrom Sent: Tuesday, August 07, 2007 5:25 PM To: declude.junkmail@declude.com Subject: RE: [Declude.JunkMail] New PDF worm? David, I just sent you a bunch of samples. If you can update the filter before you knock off for the day I'd appreciate it. We've probably had 50 of them get through already today. Thanks, Dave _ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of David Barker Sent: Tuesday, August 07, 2007 4:03 PM To: declude.junkmail@declude.com Subject: RE: [Declude.JunkMail] New PDF worm? >From reports today looks like the filter needs to be updated. Can you send me some examples as attachments. David B From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dave Beckstrom Sent: Tuesday, August 07, 2007 3:15 PM To: declude.junkmail@declude.com Subject: RE: [Declude.JunkMail] New PDF worm? I installed the filter below and we've had about 50 PDFs that came through today. Does the filter need to be revised or is there some other method I should be looking into using? Thanks! Dave _ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of David Barker Sent: Monday, July 02, 2007 12:35 PM To: declude.junkmail@declude.com Subject: RE: [Declude.JunkMail] New PDF worm? Create a filter eg FILTER-PDF.txt and use the following lines. Adjust your weights accordingly. Also ensure you are running Declude 4.3.46 BODY 3 PCRE (JVBERi0xLjMgCjEgMCBvYmoKPDwKPj4KZW5kb2JqCjIgMCBvYmo) BODY 5 PCRE (-+[0-9]+\r\n(?:[a-zA-Z\-]+: [^\r]+\r\n)+(?:\r\n){1,}-+[0-9]+\r\n(?:[a-zA-Z\-]+: [^\r]+\r\n)*Content-Type: application/pdf;) From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Katie LaSalle-Lowery Sent: Monday, July 02, 2007 1:28 PM To: declude.junkmail@declude.com Subject: RE: [Declude.JunkMail] New PDF worm? We've been suffering .pdf spam getting through the filter. What settings are you using that's identifying these as spam? We're seeing an overall increase in spam getting through the filter the last few weeks... Thanks, Katie _ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of SJ.Stanaitis Sent: Wednesday, June 27, 2007 9:17 AM To: declude.junkmail@declude.com Subject: [Declude.JunkMail] New PDF worm? I'm getting gobs of PDF's snagged in my antispam filter, they're not triggering any AV yet, anyone else seeing this? SJ.Stanaitis - Network Administrator Decorative Product Source, Inc. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED],
RE: [Declude.JunkMail] New PDF worm?
David - I sent you about 10 off-list. Todd _ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of David Barker Sent: Tuesday, August 07, 2007 4:03 PM To: declude.junkmail@declude.com Subject: RE: [Declude.JunkMail] New PDF worm? >From reports today looks like the filter needs to be updated. Can you send me some examples as attachments. David B From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dave Beckstrom Sent: Tuesday, August 07, 2007 3:15 PM To: declude.junkmail@declude.com Subject: RE: [Declude.JunkMail] New PDF worm? I installed the filter below and we've had about 50 PDFs that came through today. Does the filter need to be revised or is there some other method I should be looking into using? Thanks! Dave _ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of David Barker Sent: Monday, July 02, 2007 12:35 PM To: declude.junkmail@declude.com Subject: RE: [Declude.JunkMail] New PDF worm? Create a filter eg FILTER-PDF.txt and use the following lines. Adjust your weights accordingly. Also ensure you are running Declude 4.3.46 BODY 3 PCRE (JVBERi0xLjMgCjEgMCBvYmoKPDwKPj4KZW5kb2JqCjIgMCBvYmo) BODY 5 PCRE (-+[0-9]+\r\n(?:[a-zA-Z\-]+: [^\r]+\r\n)+(?:\r\n){1,}-+[0-9]+\r\n(?:[a-zA-Z\-]+: [^\r]+\r\n)*Content-Type: application/pdf;) From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Katie LaSalle-Lowery Sent: Monday, July 02, 2007 1:28 PM To: declude.junkmail@declude.com Subject: RE: [Declude.JunkMail] New PDF worm? We've been suffering .pdf spam getting through the filter. What settings are you using that's identifying these as spam? We're seeing an overall increase in spam getting through the filter the last few weeks... Thanks, Katie _ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of SJ.Stanaitis Sent: Wednesday, June 27, 2007 9:17 AM To: declude.junkmail@declude.com Subject: [Declude.JunkMail] New PDF worm? I'm getting gobs of PDF's snagged in my antispam filter, they're not triggering any AV yet, anyone else seeing this? SJ.Stanaitis - Network Administrator Decorative Product Source, Inc. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] Decludeproc Problems - Resolved
Good morning everyone - As you may remember, I had a major problem with the decludeproc service crashing on my server over the weekend. I posted yesterday that, with Linda's help, we figured out the problem. I had a request off-list that I reveal the solution in case others came across the same thing. It turned out that one of my filters was causing the issue. With Linda's help, we went through the global.cfg file and commented out most of "my" filters until decludeproc wouldn't crash anymore (for the rookies out there like me, the \imail\proc\review folder started to fill up when the service crashed). We had an idea of which filter it was, so once we had the service running ok, we would uncomment the filter in the global.cfg file. Sure enough, it crashed again. With it "out of the picture", decludeproc would run fine. I then went through and slowly uncommented the filters we thought were ok, checking the service each time. Linda thought the problem might be the result of my novice attempts at using regular expressions (PCRE) in my filters. After I had confirmed it was the filter we suspected, I went through and commented out the last several PCRE lines I had added. With that, I could once again turn the filter on and decludeproc would run fine. So I have narrowed it down to a few possible PCRE entries that were causing the issue. When I have some time in the next few days, I will probably work with each entry to figure out exactly which one it is. I thought I was starting to get the hang of the PCRE expressions. However, the decludeproc service has "slapped" me back to reality. At least now I realize that I need to be more careful when adding these entries, and what the result is if I'm not! Todd --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Problems
OK, please ignore. This "strange" message was the result of our issues that we had over the weekend. Thanks to Linda at Declude, we are pretty much back to normal (or as close as we can get)! Todd -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Todd Richards Sent: Sunday, August 05, 2007 2:14 PM To: declude.junkmail@declude.com Subject: [Declude.JunkMail] Problems Happy Sunday everyone. We've got some issues with Declude. Basically, nothing is getting filtered. I didn't check mail at all yesterday, and found over 1500 junk messages in my Inbox this morning. If I look at the headers, there is nothing about Declude in them. I rebooted the mail server and when I log in via RDP, I see an error that Decludeproc.exe had an error and needed to close. I hit ok, and it does that again about 5 times. Then it goes away. When I look at the services and see that decludeproc is running. I looked at the server logs this morning and they are completely littered with error messages from decludeproc, starting on Thursday afternoon when I started having a few issues. I have sent a few messages to Declude, realizing that I probably won't hear back until tomorrow. In the meantime, I'm getting some hate mail from our end users. Anyone have any suggestions? Reinstall? Todd --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] Problems
Happy Sunday everyone. We've got some issues with Declude. Basically, nothing is getting filtered. I didn't check mail at all yesterday, and found over 1500 junk messages in my Inbox this morning. If I look at the headers, there is nothing about Declude in them. I rebooted the mail server and when I log in via RDP, I see an error that Decludeproc.exe had an error and needed to close. I hit ok, and it does that again about 5 times. Then it goes away. When I look at the services and see that decludeproc is running. I looked at the server logs this morning and they are completely littered with error messages from decludeproc, starting on Thursday afternoon when I started having a few issues. I have sent a few messages to Declude, realizing that I probably won't hear back until tomorrow. In the meantime, I'm getting some hate mail from our end users. Anyone have any suggestions? Reinstall? Todd --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] FW: Problems
I didn't see this message come in to the list, so I wasn't sure if it went through or not. An update: I did reinstall Declude, which did not help. Decludeproc is crashing every 1 minute. Todd -Original Message----- From: Todd Richards [mailto:[EMAIL PROTECTED] Sent: Sunday, August 05, 2007 2:14 PM To: 'declude.junkmail@declude.com' Subject: Problems Happy Sunday everyone. We've got some issues with Declude. Basically, nothing is getting filtered. I didn't check mail at all yesterday, and found over 1500 junk messages in my Inbox this morning. If I look at the headers, there is nothing about Declude in them. I rebooted the mail server and when I log in via RDP, I see an error that Decludeproc.exe had an error and needed to close. I hit ok, and it does that again about 5 times. Then it goes away. When I look at the services and see that decludeproc is running. I looked at the server logs this morning and they are completely littered with error messages from decludeproc, starting on Thursday afternoon when I started having a few issues. I have sent a few messages to Declude, realizing that I probably won't hear back until tomorrow. In the meantime, I'm getting some hate mail from our end users. Anyone have any suggestions? Reinstall? Todd --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] Spam Increase?
Anyone else noticing an increase in spam today? It seems like stuff that was normally being caught before is showing up in my Inbox. Todd --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] Zip files
Hi Everyone - It's hit and miss, but today I received several of the small zip files. A quick glance and they were either txt files or .exe files. All were between 5-25K in size. How is everyone else handling these? I was almost wondering if there is a way to say (in general terms) "IF file = zip, then -5, and if size < 30K, then minus 10". Some way to deduct for the small zip file if that makes sense. Anyway, if anyone has any suggestions, I'm all ears! Todd --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Excel files in zip files spreading
Yeah, I started seeing these today too. Anyone have anything set up to catch them? Todd _ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John T (lists) Sent: Saturday, July 28, 2007 11:59 AM To: declude.junkmail@declude.com Subject: RE: [Declude.JunkMail] Excel files in zip files spreading Yes, I see that now. What caught me off guard was the blank subject line this time, as before the subject line contained the name of the file. Thanks. John T From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Matt Sent: Saturday, July 28, 2007 9:46 AM To: declude.junkmail@declude.com Subject: Re: [Declude.JunkMail] Excel files in zip files spreading John, It's just another one of the viruses from the Storm botnet. Same guys as the ones sending fake greeting card viruses and PDF stock spam among other things. Matt John T (lists) wrote: I am not sure what is the purpose yet, but I am catching a lot of emails this morning with a blank subject, Thunderbird in the header, attached zip file and the zip file contains an single xls file. THESE ARE NOT LEGIT EMAILS. Any body else seeing this and know what they are, virus or spam? John T --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] frustration
We are running Declude, invURIBL, and Sniffer. We are not using Commtouch. For those of you running the first three, how much impact did you see by adding Commtouch? Our management is very happy with the current set up, esp. compared to what we used to have. However, I do spend a few hours per week tweaking settings to achieve that. Uwe, I second (or third) the others that Declude (a fantastic product) on it's own won't get you want you want/need. As I mentioned, we are not running Commtouch, but I noticed an improvement when I added invURIBL, and another when I added Sniffer. Todd -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Kevin Bilbee Sent: Thursday, July 19, 2007 1:31 AM To: declude.junkmail@declude.com Subject: RE: [Declude.JunkMail] frustration We are on SmarterMail 3.x and run invURIBL and Commtouch ZEROHOUR. We do not run sniffer. We get very few smaps to the user boxes. Most users get none and the heavier email user get 1-3 a day. We delete about 85% of incoming spam the other 14% get held for review and less than one half of one percent gets through to mailboxes. Kevin Bilbee > -Original Message- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of > Uwe Degenhardt > Sent: Wednesday, July 18, 2007 10:46 PM > To: Craig Edmonds (123marbella.com) > Subject: Re: [Declude.JunkMail] frustration > > Hi Craig and everybody who answered my contribution. > It was more a sign of my deep desperation I sometimes feel. > But I get new hope now. Obviously with Declude alone (We run > Smartermail 3.x) we can't catch them all. > I will try Sniffer, invURIBL and Commtouch. > I hope they all run with SM. > Thanks everybody. > Uwe > > > > Same Here. > > > Subscribe to the following plugins in addition to > Declude...(unfortunately > > on its own its not enough unless you sit tweaking it all day > everyday) > > > Sniffer from Armresearch > > invURIBL from invariant systems > > ZEROHOUR from Commtouch > > > With that combo you cant go wrong. > > > Kindest Regards > > Craig Edmonds > > 123 Marbella Internet > > W: www.123marbella.net > > > -Original Message- > > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of > Darin > > Cox > > Sent: 18 July 2007 23:57 > > To: declude.junkmail@declude.com > > Subject: Re: [Declude.JunkMail] frustration > > > We're running pretty well... catching somewhere between 99.7% and > 99.9% of > > incoming spam. Declude 2.0.6 (waiting on Imail 2006 to stabilize > before > > upgrading to the latest version) on IMail 8.22, along with Sniffer > and > > invURIBL. > > > Darin. > > > > - Original Message - > > From: "Uwe Degenhardt" <[EMAIL PROTECTED]> > > To: > > Sent: Wednesday, July 18, 2007 5:33 PM > > Subject: [Declude.JunkMail] frustration > > > > Hi everybody on the list, please excuse me, but I would like to > > share my frustration with you. I am poured with SPAM the last > > two-to-three weeks. It gets worse every day. Am I the only one who > > is seeing this ? > > I am in a good contact with David > > of Declude. He is doing a fantastic > > job, but sometimes I loose my faith > > and my trust, that we can win the SPAM-fight. > > It appeals to me, as it is like the old > > principle: If you put water on the fire at one place, you have to > > run to the next place to delete it there too. And the SPAMMERs will > > get cleverer everyday. > > What do you guys think ? > > Are you frustrated as well ? > > > Uwe > > > > > > --- > > This E-mail came from the Declude.JunkMail mailing list. To > > unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type > > "unsubscribe Declude.JunkMail". The archives can be found at > > http://www.mail-archive.com. > > > > > > --- > > This E-mail came from the Declude.JunkMail mailing list. To > > unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type > > "unsubscribe Declude.JunkMail". The archives can be found at > > http://www.mail-archive.com. > > > > > --- > > This E-mail came from the Declude.JunkMail mailing list. To > > unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type > > "unsubscribe Declude.JunkMail". The archives can be found at > > http://www.mail-archive.com. > > > > -- > Mit freundlichen Grüßen > Uwe Degenhardt > mailto:[EMAIL PROTECTED] > > > > > > > --- > This
RE: [Declude.JunkMail] AntiVirus Recommendations
How long ago did you try the Clan AV? I know they released a newer version a while back that was supposed to run more efficiently under windows and reduce resource utilization. I am old school about AV, I think multiple virus scanners are a must. But then I have run multiple scanners for years and I always find virus detected by the second scanner that shouldn't have gotten past the first. Its kind of enlightening when you think you are covered and then you add a second scanner and see its catch things that should be there. Todd Hunter Progressive Systems -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Don Schreiner Sent: Thursday, July 05, 2007 8:23 AM To: declude.junkmail@declude.com Subject: [Declude.JunkMail] AntiVirus Recommendations We have been using F-Prot for several years with great success. Their new mail server licensing change is too expensive. We tried the free Clam AV, but with heavy volume CPU was reaching 100%. I know Declude has built-in Virus Scanner, but we have always run F-Prot in addition. It seems necessary for extra protection, but perhaps now overkill? What are others using or recommend? What is best Virus scanner to keep the CPU cycles reasonable? We are running IMail 8.22, Declude 4.X, Message Sniffer, and invURI. Thanks. -Don Sent via CompBiz.net --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] RE: Various Greeting Card messages
Hi David - I am using this PCRE filter that has been very effective. I also received a legitimate ecard after this was set up, so it's been working pretty good. SUBJECT 10 PCRE (?i:receive.*(postcard|greeting|e.?card)) Todd -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Kornitz, David Sent: Thursday, July 12, 2007 2:35 PM To: declude.junkmail@declude.com Subject: [Declude.JunkMail] RE: Various Greeting Card messages Has anyone found (or come up with) an effect filter for all of the greeting card messages floating around. I have been playing with them, but in doing so, I end up blocking legitimate cards. Any suggestions would be greatly appreciated. Davud --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] PCRE tests
Hi David - Thanks for the tips - very good information for this beginner. I changed the "e-card" one below to only look at the subject, as that is the one that I have seen. However, I had another one for some stocks that I had set up the same, and since I do want it to look "anywhere" I used your suggestion. I did try (\bERMX\b) the other day, but didn't have it combined with the ?i:, so it wasn't working. I will give this a shot. Thanks! Todd -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of David Barker Sent: Monday, July 09, 2007 7:47 AM To: declude.junkmail@declude.com Subject: RE: [Declude.JunkMail] PCRE tests Hi Todd, A couple of suggestions (?i:receive.*(postcard|greeting|ecard|e-card)) could also be written as: (?i:receive.{0,50}(postcard|greeting|e.?card)) As you are checking anywhere you want to limit the amount of characters between receive and the postcard etc. if you were using SUBJECT the .* would be fine. Also the ecard|e-card is better written as e.?card that is e.(anychar)?{0,1}card Secondly (?i:ERMX) will produce false positives because of BASE64 encoding which uses strings of "random" characters, it would be better to use the word break which is \b so you could do it like (?i:\bERMX\b) David -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Todd Richards Sent: Friday, July 06, 2007 12:15 PM To: declude.junkmail@declude.com Subject: RE: [Declude.JunkMail] PCRE tests UGGH, it always takes sending something to a LOT of people for you to see how dumb you are... I thought I had the postcard test (which is what I had been troubleshooting) set up for "ANYWHERE", but it's just looking in the body and probably not finding a match. It's been more common on the Subject. Let me change that and report back! Todd -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Todd Richards Sent: Friday, July 06, 2007 10:59 AM To: declude.junkmail@declude.com Subject: RE: [Declude.JunkMail] PCRE tests Hi David - Yes, I just confirmed that I have 4.3.46. Below are two that I just put in. By the way, I warn at 15, fail at 20, and delete at 45. Thanks! Todd # for the postcard greetings that are going through (aka "You've received a postcard from a Partner!") BODY10 PCRE (?i:receive.*(postcard|greeting|ecard|e-card)) # for the stock spam coming through for ERMX (aka "Stock Watch ERMX") BODY20 PCRE(?i:ERMX) -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of David Barker Sent: Friday, July 06, 2007 10:18 AM To: declude.junkmail@declude.com Subject: RE: [Declude.JunkMail] PCRE tests Todd, Ensure you have version 4.3.46 of Declude. The format of an expression is: LOCATIONWEIGHT PCRE(EXPRESSION) Eg. BODY5 PCRE(?i:Hello World) Post some examples that you are using but not getting hits. David -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Todd Richards Sent: Friday, July 06, 2007 11:08 AM To: declude.junkmail@declude.com Subject: [Declude.JunkMail] PCRE tests Is there anything special that I need to have "turned on" to take advantage of this? I've been playing around with it, and really like what it can do. Being a complete newbie to regex, I've been using Regex Buddy to test the expressions before putting them into "production". However, I'm not seeing any hits in the emails. I have not turned on logging (sorry!) but was wondering if I need to add any additional information to the config files for this to be noticed, or if it is by default. I am running the latest version. Thanks! Todd --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail&
RE: [Declude.JunkMail] PCRE tests
OK, it's working. Sorry for the false alarm! Todd -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Todd Richards Sent: Friday, July 06, 2007 11:15 AM To: declude.junkmail@declude.com Subject: RE: [Declude.JunkMail] PCRE tests UGGH, it always takes sending something to a LOT of people for you to see how dumb you are... I thought I had the postcard test (which is what I had been troubleshooting) set up for "ANYWHERE", but it's just looking in the body and probably not finding a match. It's been more common on the Subject. Let me change that and report back! Todd --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] PCRE tests
UGGH, it always takes sending something to a LOT of people for you to see how dumb you are... I thought I had the postcard test (which is what I had been troubleshooting) set up for "ANYWHERE", but it's just looking in the body and probably not finding a match. It's been more common on the Subject. Let me change that and report back! Todd -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Todd Richards Sent: Friday, July 06, 2007 10:59 AM To: declude.junkmail@declude.com Subject: RE: [Declude.JunkMail] PCRE tests Hi David - Yes, I just confirmed that I have 4.3.46. Below are two that I just put in. By the way, I warn at 15, fail at 20, and delete at 45. Thanks! Todd # for the postcard greetings that are going through (aka "You've received a postcard from a Partner!") BODY10 PCRE (?i:receive.*(postcard|greeting|ecard|e-card)) # for the stock spam coming through for ERMX (aka "Stock Watch ERMX") BODY20 PCRE(?i:ERMX) -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of David Barker Sent: Friday, July 06, 2007 10:18 AM To: declude.junkmail@declude.com Subject: RE: [Declude.JunkMail] PCRE tests Todd, Ensure you have version 4.3.46 of Declude. The format of an expression is: LOCATIONWEIGHT PCRE(EXPRESSION) Eg. BODY5 PCRE(?i:Hello World) Post some examples that you are using but not getting hits. David -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Todd Richards Sent: Friday, July 06, 2007 11:08 AM To: declude.junkmail@declude.com Subject: [Declude.JunkMail] PCRE tests Is there anything special that I need to have "turned on" to take advantage of this? I've been playing around with it, and really like what it can do. Being a complete newbie to regex, I've been using Regex Buddy to test the expressions before putting them into "production". However, I'm not seeing any hits in the emails. I have not turned on logging (sorry!) but was wondering if I need to add any additional information to the config files for this to be noticed, or if it is by default. I am running the latest version. Thanks! Todd --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] PCRE tests
Yeah, just checked - it's there. :) Todd -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Scott Fisher Sent: Friday, July 06, 2007 10:53 AM To: declude.junkmail@declude.com Subject: RE: [Declude.JunkMail] PCRE tests Also make sure there is the pcre3.dll in your imail folder. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of David Barker Sent: Friday, July 06, 2007 10:18 AM To: declude.junkmail@declude.com Subject: RE: [Declude.JunkMail] PCRE tests Todd, Ensure you have version 4.3.46 of Declude. The format of an expression is: LOCATIONWEIGHT PCRE(EXPRESSION) Eg. BODY5 PCRE(?i:Hello World) Post some examples that you are using but not getting hits. David -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Todd Richards Sent: Friday, July 06, 2007 11:08 AM To: declude.junkmail@declude.com Subject: [Declude.JunkMail] PCRE tests Is there anything special that I need to have "turned on" to take advantage of this? I've been playing around with it, and really like what it can do. Being a complete newbie to regex, I've been using Regex Buddy to test the expressions before putting them into "production". However, I'm not seeing any hits in the emails. I have not turned on logging (sorry!) but was wondering if I need to add any additional information to the config files for this to be noticed, or if it is by default. I am running the latest version. Thanks! Todd --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] PCRE tests
Hi David - Yes, I just confirmed that I have 4.3.46. Below are two that I just put in. By the way, I warn at 15, fail at 20, and delete at 45. Thanks! Todd # for the postcard greetings that are going through (aka "You've received a postcard from a Partner!") BODY10 PCRE (?i:receive.*(postcard|greeting|ecard|e-card)) # for the stock spam coming through for ERMX (aka "Stock Watch ERMX") BODY20 PCRE(?i:ERMX) -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of David Barker Sent: Friday, July 06, 2007 10:18 AM To: declude.junkmail@declude.com Subject: RE: [Declude.JunkMail] PCRE tests Todd, Ensure you have version 4.3.46 of Declude. The format of an expression is: LOCATIONWEIGHT PCRE(EXPRESSION) Eg. BODY5 PCRE(?i:Hello World) Post some examples that you are using but not getting hits. David -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Todd Richards Sent: Friday, July 06, 2007 11:08 AM To: declude.junkmail@declude.com Subject: [Declude.JunkMail] PCRE tests Is there anything special that I need to have "turned on" to take advantage of this? I've been playing around with it, and really like what it can do. Being a complete newbie to regex, I've been using Regex Buddy to test the expressions before putting them into "production". However, I'm not seeing any hits in the emails. I have not turned on logging (sorry!) but was wondering if I need to add any additional information to the config files for this to be noticed, or if it is by default. I am running the latest version. Thanks! Todd --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] PCRE tests
Is there anything special that I need to have "turned on" to take advantage of this? I've been playing around with it, and really like what it can do. Being a complete newbie to regex, I've been using Regex Buddy to test the expressions before putting them into "production". However, I'm not seeing any hits in the emails. I have not turned on logging (sorry!) but was wondering if I need to add any additional information to the config files for this to be noticed, or if it is by default. I am running the latest version. Thanks! Todd --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] lot's of legit mailservsr in spamdatabases
David - On the topic of updates (for a newbie), the release notes for 4.3.40 mention that you "removed the following IP4R tests". However, my cfg file still has them. Are these just suggested changes? I always wondered how the cfg file is updated without overwriting my changes, but also getting yours. I am on the very latest and greatest version and am wondering what else I am missing. Thanks! Todd PS - I also was having the same issue with UCEPROTECT 1/2 and just now lowered the weights to the suggested values. _ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of David Barker Sent: Thursday, April 19, 2007 9:50 AM To: declude.junkmail@declude.com Subject: RE: [Declude.JunkMail] lot's of legit mailservsr in spamdatabases Different reasons, slow performance etc, in the case of ORDB it shut down. _ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Bonno Bloksma Sent: Thursday, April 19, 2007 10:23 AM To: declude.junkmail@declude.com Subject: Re: [Declude.JunkMail] lot's of legit mailservsr in spamdatabases Hi, Just read the release notes and noticed that you deleted some tests as well. Why were those deleted? Ineffective of deprecated lists? p.s. Just reduced the weight on UCEPROTEC 1 a 2 to the new level. I'll install the latest version this evening, I'm still running 4.3.23 but I have 2 other virus test. ;-) Met vriendelijke groet, Bonno Bloksma hoofd systeembeheer tio hogeschool hotelmanagement en toerisme begijnenhof 8-12 / 5611 el eindhoven t 040 296 28 28 / f 040 237 35 20 <mailto:[EMAIL PROTECTED]> [EMAIL PROTECTED] / <http://www.tio.nl> www.tio.nl - Original Message - From: David <mailto:[EMAIL PROTECTED]> Barker To: declude.junkmail@declude.com Sent: Thursday, April 19, 2007 3:06 PM Subject: RE: [Declude.JunkMail] lot's of legit mailservsr in spamdatabases Also if you check our release notes http://www.declude.com/searchresults.asp?Cat=89 you will see that we had suggested lowering the weights on UCEPROTECT1 and UCEPROTECT2 David Barker Your Email Security is our business O: 978.499.2933 x7007 F: 978.988.1311 E: [EMAIL PROTECTED] From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Darin Cox Sent: Thursday, April 19, 2007 7:04 AM To: declude.junkmail@declude.com Subject: Re: [Declude.JunkMail] lot's of legit mailservsr in spamdatabases Yeah, UCEPROTECT in particular seems to have added a lot of major ISPs recently. We started counterweighting ISPs by REVDNS, but we were spending too much time doing that, so we reduced the weight of the UCEPROTECT1 and UCEPROTECT2 tests. Darin. - Original Message - From: Bonno Bloksma <mailto:[EMAIL PROTECTED]> To: Declude.JunkMail@declude.com Sent: Thursday, April 19, 2007 6:57 AM Subject: [Declude.JunkMail] lot's of legit mailservsr in spamdatabases Hi, How do you guys deal with it, LOTS of legit mailservers are listed in what used to be reliable spamsender databases. X-RBL-Warning: SPAMBAG: 109.176.216.212.blacklist.spambag.org. X-RBL-Warning: SPAMCANNIBAL: "blocked, See: http://www.spamcannibal.org/cannibal.cgi?page=lookup <http://www.spamcannibal.org/cannibal.cgi?page=lookup&lookup=212.216.176.109 > &lookup=212.216.176.109" X-RBL-Warning: UCEPROTECT-1: "Sorry 212.216.176.109 is Level 1 listed at UCEPROTECT-NETWORK. See http://www.uceprotect.net/rblcheck.php?ipr=212.216.176.109"; X-RBL-Warning: UCEPROTECT-2: "Sorry 212.216.176.109 is Level 2 listed at UCEPROTECT-NETWORK. See http://www.uceprotect.net/rblcheck.php?ipr=212.216.176.109"; But 212.216.176.109 is a normail mailserver vsmtp21.tin.it and is trying to deliver mail from a "customer" to us. Have spammers won this race, can we no longer trust these databases? Is there a ip list with "all" legitimate mailservers for most ISP that I can use to reduce points? For the hotmail mailservers it was easy to reduce the points, it's a lot harder to do for all the other "real" mailservers. Met vriendelijke groet, Bonno Bloksma hoofd systeembeheer tio hogeschool hotelmanagement en toerisme begijnenhof 8-12 / 5611 el eindhoven t 040 296 28 28 / f 040 237 35 20 [EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]> / www.tio.nl <http://www.tio.nl> --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an
RE: [Declude.JunkMail] Warning re: "DECLUDE - CRITICAL VIRUS SCANNING UPDATE"
Hi Dave - I actually just installed it (didn't see your message in time) and mine appears to be working. Todd _ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dave Doherty Sent: Monday, April 16, 2007 6:12 PM To: declude.junkmail@declude.com; [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Subject: [Declude.JunkMail] Warning re: "DECLUDE - CRITICAL VIRUS SCANNING UPDATE" I attempted to install this update on my server. The package is apparently missing a DLL. The decludeproc service would not start, and the pop-up said to contact support. The update email was issued at 5:15 PM, and Declude was closed. I left a message. I got back up and running by reinstalling the previous update and rebooting. I strongly suggest that you DO NOT install this update until Declude can figure out what's wrong with it! -Dave Doherty Skywaves, Inc. 97 Webster Street Worcester, MA 01603 508-425-7176 --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Header Help
Ugghhh... I had IPBYPASS set up for the old IP address, but it changed recently and I changed it everywhere but here. Thanks for the kick, Andy! Todd -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Andy Schmidt Sent: Wednesday, April 11, 2007 10:03 PM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] Header Help Hi, Then you should set up an IP Bypass or that IP address. This will Declude will NOT to count that first header as the source, but rather look at the SECOND header to see who SENT to your backup mail server. Andy -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Todd Richards Sent: Wednesday, April 11, 2007 8:58 PM To: [EMAIL PROTECTED] Subject: [Declude.JunkMail] Header Help Hi Everyone - Just looking at some of the spam that Declude has caught (using fpReview - thanks Darrell!) I see this line in each message: X-Declude-Sender: [EMAIL PROTECTED] [70.165.109.2] That IP address is the IP of our "backup mail server". I see it a LOT in the spam messages. Does this mean that my backup mail server is the culprit for most of my spam? Thanks for any thoughts or suggestions. Todd --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] Header Help
Hi Everyone - Just looking at some of the spam that Declude has caught (using fpReview - thanks Darrell!) I see this line in each message: X-Declude-Sender: [EMAIL PROTECTED] [70.165.109.2] That IP address is the IP of our "backup mail server". I see it a LOT in the spam messages. Does this mean that my backup mail server is the culprit for most of my spam? Thanks for any thoughts or suggestions. Todd --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Negative weight isn't working
Andrew - I learn a lot from people on this list, and you are no exception. I looked to see why the email failed the FILTER-SPAM test, and it was because of "ad.doubleclick.net". I think that is common for some of the more well-known "news" newsletters that I've seen failing. What I could do is give less points for that particular penalty (it's at 15 now and this newsletter missed passing altogether by just 3 points), and then re-visit some of the others that are coming in. I'm still getting a handful of messages that are making it through, and you'd think they would be obvious. Like you said, it's a sort of science and I, for one, apprecaite the time that goes into making this work. This particular negative-weight test probably has way too high, so I think I will adjust those too. I think as I gain a better understanding of what I'm looing for, and how everything works, I will undoubtedly have to tweak things. Todd -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Colbeck, Andrew Sent: Thursday, November 09, 2006 3:32 PM To: declude.junkmail@declude.com Subject: RE: [Declude.JunkMail] Negative weight isn't working No problem, Todd. To answer your question in the other thread, yes, more specific is more better. On the other hand, you also have to look at what you're really trying to counterweight. In this case, you could certainly counterweight both the REVDNS of their mailserver, and the particular MAILFROM email address too, but after visiting the site, I suspect that you really don't care about the MAILFROM. You can use the REVDNS -30 ENDSWITH .ibsys.com Just fine. If you do use a MAILFROM, don't use much weight, because viruses harvest all email addresses from the infectee and report them back to the virus writer or spammer, and that address becomes a spoofed MAILFROM later down the road. Viruses also spoof the HELO, so a: HELO -30 ENDSWITH comcast.com Or REVDNS -30 ENDSWITH .comcast.com Would be a bad thing to put in your counterweight file, because a virus is quite likely to come from a zombie on that network. What I'd suggest you do for ibsys.com is look at your FILTER-SPAM test and see why it gave 15 points to this email. You will likely get better mileage (i.e. spend less of your time on your counterweight file making exceptions for MTAs) by assigning only incremental points to text values in your filter files, don't look for the "big win" by blocking small text phrases or small bits of text in a URL. To go the extra mile (hey, a driving theme today [pun intended]) why not decide which IP4R tests you trust, and/or which external tests you trust, and cancel the dangerously punitive text files? At the top of your FILTER-SPAM test, you *could* put in: TESTSFAILED END CONTAINS MXRATE-ALLOW And then messages like this sample wouldn't have received any points from the FILTER-SPAM test, you would save CPU time on your server, save your user's time in figuring out that they didn't receive that inbound message, and save your time on finding the false positives and making counterweight entries. The downside of making a "cancel line" in your filter files is that MXRATE-ALLOW will trigger on, say, a well known ISPs' MTA, and you *want* to do content filtering on, say, scam text that is so common from HotMail, Yahoo!, and various international free webmail providers that you wouldn't otherwise hear about. Most Declude users end up with filter files that are focused on kinds of spam and tweak their "cancel lines" accordingly. There is a great deal of art to this science. Andrew 8) > -Original Message- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of > Todd Richards > Sent: Thursday, November 09, 2006 12:42 PM > To: declude.junkmail@declude.com > Subject: RE: [Declude.JunkMail] Negative weight isn't working > > Thanks Andrew. I'm starting to catch on. The good news is that > everyone "else" thinks I'm a miracle worker because of the drastic > decrease in spam. > One of these days I'll break down and tell them the truth. > So if you all happen to start getting "Thank You" cards from people > you don't know, that's probably why... > > Todd > > > -Original Message----- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of > Colbeck, Andrew > Sent: Thursday, November 09, 2006 2:23 PM > To: declude.junkmail@declude.com > Subject: RE: [Declude.JunkMail] Negative weight isn't working > > Todd, do this from a command line: > > C:\Temp>nslookup 66.187.204.25 > Server: Andrew's.obfuscated.dns.server > Address: 192.168.0.1 > > Name:treets100.ibsys.com > Address: 66.187.204.25 > > C:\Tem
RE: [Declude.JunkMail] Negative weight isn't working
Thanks Andrew. I'm starting to catch on. The good news is that everyone "else" thinks I'm a miracle worker because of the drastic decrease in spam. One of these days I'll break down and tell them the truth. So if you all happen to start getting "Thank You" cards from people you don't know, that's probably why... Todd -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Colbeck, Andrew Sent: Thursday, November 09, 2006 2:23 PM To: declude.junkmail@declude.com Subject: RE: [Declude.JunkMail] Negative weight isn't working Todd, do this from a command line: C:\Temp>nslookup 66.187.204.25 Server: Andrew's.obfuscated.dns.server Address: 192.168.0.1 Name:treets100.ibsys.com Address: 66.187.204.25 C:\Temp> That tells me that your REVDNS won't match, because their reverse DNS is *not* the same as the HELO value that you used for your REVDNS test. The same is also true for your use of the MAILFROM, which does not have to match the From: address you see in the header. Look at the X-Declude-Sender: line in the header that has been marked up. The MAILFROM was really "[EMAIL PROTECTED]". Andrew 8) > -Original Message- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of > Todd Richards > Sent: Thursday, November 09, 2006 11:44 AM > To: declude.junkmail@declude.com > Subject: RE: [Declude.JunkMail] Negative weight isn't working > > OK, here is an update with the header of the particular message. > > Todd > > > Received: from treetso101.mtc.ibsys.com [66.187.204.25] by > mail.nnepa.com with ESMTP > (SMTPD-8.22) id ACCC0340; Thu, 09 Nov 2006 12:00:44 -0600 > Date: Thu, 9 Nov 2006 12:02:02 -0600 (CST) > From: "KETV.com Newsroom" <[EMAIL PROTECTED]> > Reply-to: [EMAIL PROTECTED] > Message-Id: <[EMAIL PROTECTED]> > X-unsub: ?unsub.cfm?u=2656017216813-oma_12pm-oma_12pm_1_12000311092006 > Subject: [21] KETV.com Noon Headlines > To: <[EMAIL PROTECTED]> > Content-type: text/html; charset=us-ascii > X-RBL-Warning: MXRATE-ALLOW: "GOOD SENDER" > X-RBL-Warning: HELOBOGUS: Domain treetso101.mtc.ibsys.com has no MX or > A records [0301]. > X-RBL-Warning: FILTER-SPAM: Message failed FILTER-SPAM test (line 55, > weight > 15) > X-RBL-Warning: GIBBERISH: Message failed GIBBERISH test (line 76, > weight 4) > X-RBL-Warning: WEIGHT10: Weight of 21 reaches or exceeds the limit of > 10. > X-Declude-Sender: [EMAIL PROTECTED] [66.187.204.25] > X-Declude-Spoolname: D6ccc08932bf7.smd > X-Declude-RefID: > X-Declude-Note: Scanned by Declude 4.3.14 for spam. > "http://www.declude.com/x-note.htm"; > X-Declude-Scan: Incoming Score [21] at 12:01:18 on 09 Nov 2006 > X-Declude-Fail: MXRATE-ALLOW [-3], HELOBOGUS [5], FILTER-SPAM [15], > GIBBERISH [4], WEIGHT10 [10], WEIGHT15 [15], WEIGHT19 [19], WEIGHT19a > [19] > X-Country-Chain: UNITED STATES->destination > X-RCPT-TO: <[EMAIL PROTECTED]> > Status: U > X-UIDL: 463090338 > X-IMail-ThreadID: 6ccc08932bf7 > X-Antivirus: AVG for E-mail 7.5.431 [268.14.0/524] > > > > -Original Message- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of > Todd Richards > Sent: Thursday, November 09, 2006 1:19 PM > To: declude.junkmail@declude.com > Subject: RE: [Declude.JunkMail] Negative weight isn't working > > Hi David - > > OK, it appears that it is running the test. Here is a snip of the > log: > > 11/09/2006 13:14:20.937 q7df6083c3523.smd Doing filter file > D:\imail\Declude\Filters\FILTER-SPAM.txt. > 11/09/2006 13:14:21.312 q7df6083c3523.smd Doing filter file > D:\imail\Declude\Filters\FILTER-GERMAN.txt. > 11/09/2006 13:14:21.390 q7df6083c3523.smd Doing filter file > D:\imail\Declude\Filters\FILTER-SURBL.txt. > 11/09/2006 13:14:21.390 q7df6083c3523.smd Filter: Will stop at > first hit. > 11/09/2006 13:14:21.781 q7df6083c3523.smd Doing filter file > D:\iMail\Declude\Filters\Gibberish.txt. > 11/09/2006 13:14:22.875 q7df6083c3523.smd Doing filter file > D:\iMail\Declude\Filters\Anti-Gibberish.txt. > 11/09/2006 13:14:23.953 q7df6083c3523.smd Doing filter file > D:\imail\Declude\Filters\FILTER-COUNTRY.txt. > 11/09/2006 13:14:23.953 q7df6083c3523.smd Checking > countries: US . > 11/09/2006 13:14:23.953 q7df6083c3523.smd Doing filter file > D:\IMail\Declude\filters\allowlist_low.txt. > 11/09/2006 13:14:23.953 q7df6083c3523.smd Doing filter file > D:\IMail\Declude\filters\allowlist_med.txt. > 11/09/2006 13:14:23.953 q7df6083c3523.smd Doing filter file > D:\IMail\Declude\filters\allowlist_high.txt. > 11/09/2006 13:14:23.968 q7df6083c3523.s
RE: [Declude.JunkMail] Negative weight isn't working
Oh Geesss (head down, walking towards corner)... Seeing that (now), what's the best practice? MAILFROM [EMAIL PROTECTED] Or MAILFROM @mailer.ibsys.com I would think the more specific, the better. Thanks, David! Todd -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of David Barker Sent: Thursday, November 09, 2006 2:02 PM To: declude.junkmail@declude.com Subject: RE: [Declude.JunkMail] Negative weight isn't working The actual MAILFROM is: X-Declude-Sender: [EMAIL PROTECTED] [66.187.204.25] Not From: "KETV.com Newsroom" <[EMAIL PROTECTED]> David B www.declude.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Todd Richards Sent: Thursday, November 09, 2006 2:44 PM To: declude.junkmail@declude.com Subject: RE: [Declude.JunkMail] Negative weight isn't working OK, here is an update with the header of the particular message. Todd Received: from treetso101.mtc.ibsys.com [66.187.204.25] by mail.nnepa.com with ESMTP (SMTPD-8.22) id ACCC0340; Thu, 09 Nov 2006 12:00:44 -0600 Date: Thu, 9 Nov 2006 12:02:02 -0600 (CST) From: "KETV.com Newsroom" <[EMAIL PROTECTED]> Reply-to: [EMAIL PROTECTED] Message-Id: <[EMAIL PROTECTED]> X-unsub: ?unsub.cfm?u=2656017216813-oma_12pm-oma_12pm_1_12000311092006 Subject: [21] KETV.com Noon Headlines To: <[EMAIL PROTECTED]> Content-type: text/html; charset=us-ascii X-RBL-Warning: MXRATE-ALLOW: "GOOD SENDER" X-RBL-Warning: HELOBOGUS: Domain treetso101.mtc.ibsys.com has no MX or A records [0301]. X-RBL-Warning: FILTER-SPAM: Message failed FILTER-SPAM test (line 55, weight 15) X-RBL-Warning: GIBBERISH: Message failed GIBBERISH test (line 76, weight 4) X-RBL-Warning: WEIGHT10: Weight of 21 reaches or exceeds the limit of 10. X-Declude-Sender: [EMAIL PROTECTED] [66.187.204.25] X-Declude-Spoolname: D6ccc08932bf7.smd X-Declude-RefID: X-Declude-Note: Scanned by Declude 4.3.14 for spam. "http://www.declude.com/x-note.htm"; X-Declude-Scan: Incoming Score [21] at 12:01:18 on 09 Nov 2006 X-Declude-Fail: MXRATE-ALLOW [-3], HELOBOGUS [5], FILTER-SPAM [15], GIBBERISH [4], WEIGHT10 [10], WEIGHT15 [15], WEIGHT19 [19], WEIGHT19a [19] X-Country-Chain: UNITED STATES->destination X-RCPT-TO: <[EMAIL PROTECTED]> Status: U X-UIDL: 463090338 X-IMail-ThreadID: 6ccc08932bf7 X-Antivirus: AVG for E-mail 7.5.431 [268.14.0/524] -----Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Todd Richards Sent: Thursday, November 09, 2006 1:19 PM To: declude.junkmail@declude.com Subject: RE: [Declude.JunkMail] Negative weight isn't working Hi David - OK, it appears that it is running the test. Here is a snip of the log: 11/09/2006 13:14:20.937 q7df6083c3523.smd Doing filter file D:\imail\Declude\Filters\FILTER-SPAM.txt. 11/09/2006 13:14:21.312 q7df6083c3523.smd Doing filter file D:\imail\Declude\Filters\FILTER-GERMAN.txt. 11/09/2006 13:14:21.390 q7df6083c3523.smd Doing filter file D:\imail\Declude\Filters\FILTER-SURBL.txt. 11/09/2006 13:14:21.390 q7df6083c3523.smd Filter: Will stop at first hit. 11/09/2006 13:14:21.781 q7df6083c3523.smd Doing filter file D:\iMail\Declude\Filters\Gibberish.txt. 11/09/2006 13:14:22.875 q7df6083c3523.smd Doing filter file D:\iMail\Declude\Filters\Anti-Gibberish.txt. 11/09/2006 13:14:23.953 q7df6083c3523.smd Doing filter file D:\imail\Declude\Filters\FILTER-COUNTRY.txt. 11/09/2006 13:14:23.953 q7df6083c3523.smd Checking countries: US . 11/09/2006 13:14:23.953 q7df6083c3523.smd Doing filter file D:\IMail\Declude\filters\allowlist_low.txt. 11/09/2006 13:14:23.953 q7df6083c3523.smd Doing filter file D:\IMail\Declude\filters\allowlist_med.txt. 11/09/2006 13:14:23.953 q7df6083c3523.smd Doing filter file D:\IMail\Declude\filters\allowlist_high.txt. 11/09/2006 13:14:23.968 q7df6083c3523.smd nIPNOTINMX:-3 . Total weight = -3. However, before I ran the Debug mode I had one of the emails in question caught in the trap, and there was nothing in the headers about an "allowlist_med". Which means that there must be something not right in the filter itself. This particular newsletter is listed in my ALLOWLIST_MED as a MAILFROM with the full email address of [EMAIL PROTECTED] Is there a better way to do that? Should I wait to see what the logs look like on the debug mode when the next one comes through later today? Todd -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of David Barker Sent: Thursday, November 09, 2006 12:07 PM To: declude.junkmail@declude.com Subject: RE: [Declude.JunkMail] Negative weight isn't working Todd, Run you global.cfg on DEBUG see if the test is being called correctly. David B www.declude.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Todd Richards Sent: Thursday, November 09,
RE: [Declude.JunkMail] Negative weight isn't working
OK, here is an update with the header of the particular message. Todd Received: from treetso101.mtc.ibsys.com [66.187.204.25] by mail.nnepa.com with ESMTP (SMTPD-8.22) id ACCC0340; Thu, 09 Nov 2006 12:00:44 -0600 Date: Thu, 9 Nov 2006 12:02:02 -0600 (CST) From: "KETV.com Newsroom" <[EMAIL PROTECTED]> Reply-to: [EMAIL PROTECTED] Message-Id: <[EMAIL PROTECTED]> X-unsub: ?unsub.cfm?u=2656017216813-oma_12pm-oma_12pm_1_12000311092006 Subject: [21] KETV.com Noon Headlines To: <[EMAIL PROTECTED]> Content-type: text/html; charset=us-ascii X-RBL-Warning: MXRATE-ALLOW: "GOOD SENDER" X-RBL-Warning: HELOBOGUS: Domain treetso101.mtc.ibsys.com has no MX or A records [0301]. X-RBL-Warning: FILTER-SPAM: Message failed FILTER-SPAM test (line 55, weight 15) X-RBL-Warning: GIBBERISH: Message failed GIBBERISH test (line 76, weight 4) X-RBL-Warning: WEIGHT10: Weight of 21 reaches or exceeds the limit of 10. X-Declude-Sender: [EMAIL PROTECTED] [66.187.204.25] X-Declude-Spoolname: D6ccc08932bf7.smd X-Declude-RefID: X-Declude-Note: Scanned by Declude 4.3.14 for spam. "http://www.declude.com/x-note.htm"; X-Declude-Scan: Incoming Score [21] at 12:01:18 on 09 Nov 2006 X-Declude-Fail: MXRATE-ALLOW [-3], HELOBOGUS [5], FILTER-SPAM [15], GIBBERISH [4], WEIGHT10 [10], WEIGHT15 [15], WEIGHT19 [19], WEIGHT19a [19] X-Country-Chain: UNITED STATES->destination X-RCPT-TO: <[EMAIL PROTECTED]> Status: U X-UIDL: 463090338 X-IMail-ThreadID: 6ccc08932bf7 X-Antivirus: AVG for E-mail 7.5.431 [268.14.0/524] -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Todd Richards Sent: Thursday, November 09, 2006 1:19 PM To: declude.junkmail@declude.com Subject: RE: [Declude.JunkMail] Negative weight isn't working Hi David - OK, it appears that it is running the test. Here is a snip of the log: 11/09/2006 13:14:20.937 q7df6083c3523.smd Doing filter file D:\imail\Declude\Filters\FILTER-SPAM.txt. 11/09/2006 13:14:21.312 q7df6083c3523.smd Doing filter file D:\imail\Declude\Filters\FILTER-GERMAN.txt. 11/09/2006 13:14:21.390 q7df6083c3523.smd Doing filter file D:\imail\Declude\Filters\FILTER-SURBL.txt. 11/09/2006 13:14:21.390 q7df6083c3523.smd Filter: Will stop at first hit. 11/09/2006 13:14:21.781 q7df6083c3523.smd Doing filter file D:\iMail\Declude\Filters\Gibberish.txt. 11/09/2006 13:14:22.875 q7df6083c3523.smd Doing filter file D:\iMail\Declude\Filters\Anti-Gibberish.txt. 11/09/2006 13:14:23.953 q7df6083c3523.smd Doing filter file D:\imail\Declude\Filters\FILTER-COUNTRY.txt. 11/09/2006 13:14:23.953 q7df6083c3523.smd Checking countries: US . 11/09/2006 13:14:23.953 q7df6083c3523.smd Doing filter file D:\IMail\Declude\filters\allowlist_low.txt. 11/09/2006 13:14:23.953 q7df6083c3523.smd Doing filter file D:\IMail\Declude\filters\allowlist_med.txt. 11/09/2006 13:14:23.953 q7df6083c3523.smd Doing filter file D:\IMail\Declude\filters\allowlist_high.txt. 11/09/2006 13:14:23.968 q7df6083c3523.smd nIPNOTINMX:-3 . Total weight = -3. However, before I ran the Debug mode I had one of the emails in question caught in the trap, and there was nothing in the headers about an "allowlist_med". Which means that there must be something not right in the filter itself. This particular newsletter is listed in my ALLOWLIST_MED as a MAILFROM with the full email address of [EMAIL PROTECTED] Is there a better way to do that? Should I wait to see what the logs look like on the debug mode when the next one comes through later today? Todd -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of David Barker Sent: Thursday, November 09, 2006 12:07 PM To: declude.junkmail@declude.com Subject: RE: [Declude.JunkMail] Negative weight isn't working Todd, Run you global.cfg on DEBUG see if the test is being called correctly. David B www.declude.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Todd Richards Sent: Thursday, November 09, 2006 11:54 AM To: declude.junkmail@declude.com Subject: [Declude.JunkMail] Negative weight isn't working Hi Everyone - I've been playing with some negative weighting, but it doesn't seem to be working. I have the following in my global.cfg file (down towards the bottom): ALLOWLIST_MED filter D:\IMail\Declude\filters\allowlist_med.txt x -30 0 In my allowlist_med.txt file, I have the following entries: MAILFROM0 ENDSWITH[EMAIL PROTECTED] REVDNS 0 ENDSWITH.asaenet.org However, these messages are still getting caught. When I look at the headers, it doesn't even appear that it is running this test. I have the test listed in $default$.junkmail as ALLOWLIST_MED WARN And in diags.txt as ALLOWLIST_MED FILTER I would like to add some others as well but need to get at least one working first. Any help is appreciated (as
RE: [Declude.JunkMail] Negative weight isn't working
Hi David - OK, it appears that it is running the test. Here is a snip of the log: 11/09/2006 13:14:20.937 q7df6083c3523.smd Doing filter file D:\imail\Declude\Filters\FILTER-SPAM.txt. 11/09/2006 13:14:21.312 q7df6083c3523.smd Doing filter file D:\imail\Declude\Filters\FILTER-GERMAN.txt. 11/09/2006 13:14:21.390 q7df6083c3523.smd Doing filter file D:\imail\Declude\Filters\FILTER-SURBL.txt. 11/09/2006 13:14:21.390 q7df6083c3523.smd Filter: Will stop at first hit. 11/09/2006 13:14:21.781 q7df6083c3523.smd Doing filter file D:\iMail\Declude\Filters\Gibberish.txt. 11/09/2006 13:14:22.875 q7df6083c3523.smd Doing filter file D:\iMail\Declude\Filters\Anti-Gibberish.txt. 11/09/2006 13:14:23.953 q7df6083c3523.smd Doing filter file D:\imail\Declude\Filters\FILTER-COUNTRY.txt. 11/09/2006 13:14:23.953 q7df6083c3523.smd Checking countries: US . 11/09/2006 13:14:23.953 q7df6083c3523.smd Doing filter file D:\IMail\Declude\filters\allowlist_low.txt. 11/09/2006 13:14:23.953 q7df6083c3523.smd Doing filter file D:\IMail\Declude\filters\allowlist_med.txt. 11/09/2006 13:14:23.953 q7df6083c3523.smd Doing filter file D:\IMail\Declude\filters\allowlist_high.txt. 11/09/2006 13:14:23.968 q7df6083c3523.smd nIPNOTINMX:-3 . Total weight = -3. However, before I ran the Debug mode I had one of the emails in question caught in the trap, and there was nothing in the headers about an "allowlist_med". Which means that there must be something not right in the filter itself. This particular newsletter is listed in my ALLOWLIST_MED as a MAILFROM with the full email address of [EMAIL PROTECTED] Is there a better way to do that? Should I wait to see what the logs look like on the debug mode when the next one comes through later today? Todd -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of David Barker Sent: Thursday, November 09, 2006 12:07 PM To: declude.junkmail@declude.com Subject: RE: [Declude.JunkMail] Negative weight isn't working Todd, Run you global.cfg on DEBUG see if the test is being called correctly. David B www.declude.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Todd Richards Sent: Thursday, November 09, 2006 11:54 AM To: declude.junkmail@declude.com Subject: [Declude.JunkMail] Negative weight isn't working Hi Everyone - I've been playing with some negative weighting, but it doesn't seem to be working. I have the following in my global.cfg file (down towards the bottom): ALLOWLIST_MED filter D:\IMail\Declude\filters\allowlist_med.txt x -30 0 In my allowlist_med.txt file, I have the following entries: MAILFROM0 ENDSWITH[EMAIL PROTECTED] REVDNS 0 ENDSWITH.asaenet.org However, these messages are still getting caught. When I look at the headers, it doesn't even appear that it is running this test. I have the test listed in $default$.junkmail as ALLOWLIST_MED WARN And in diags.txt as ALLOWLIST_MED FILTER I would like to add some others as well but need to get at least one working first. Any help is appreciated (as always)! Todd --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] Negative weight isn't working
Hi Everyone - I've been playing with some negative weighting, but it doesn't seem to be working. I have the following in my global.cfg file (down towards the bottom): ALLOWLIST_MED filter D:\IMail\Declude\filters\allowlist_med.txt x -30 0 In my allowlist_med.txt file, I have the following entries: MAILFROM0 ENDSWITH[EMAIL PROTECTED] REVDNS 0 ENDSWITH.asaenet.org However, these messages are still getting caught. When I look at the headers, it doesn't even appear that it is running this test. I have the test listed in $default$.junkmail as ALLOWLIST_MED WARN And in diags.txt as ALLOWLIST_MED FILTER I would like to add some others as well but need to get at least one working first. Any help is appreciated (as always)! Todd --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] whitelisting based on rev dns
Thanks Darrell. That's a great feature (and I just purchased an fpReview license)! Todd -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Darrell ([EMAIL PROTECTED]) Sent: Wednesday, November 08, 2006 3:52 PM To: declude.junkmail@declude.com Subject: Re: [Declude.JunkMail] whitelisting based on rev dns Todd, As you know headers can be forged so its always best to manually look-up the IP. As you said earlier you are using fpReview. In the headers view you can right click and select resolve ip's to hostnames to get the reverse dns. Than after that you can highlight any of the text and automatically create a revdns entry in a filter. We have a quick overview video showing the basic features at http://www.invariantsystems.com/fpreview/screencaptures.htm under video. Darrell Check out http://www.invariantsystems.com for utilities for Declude And Imail. IMail/Declude Overflow Queue Monitoring, SURBL/URI integration, MRTG Integration, and Log Parsers. - Original Message ----- From: "Todd Richards" <[EMAIL PROTECTED]> To: Sent: Wednesday, November 08, 2006 4:13 PM Subject: RE: [Declude.JunkMail] whitelisting based on rev dns Is the Reverse DNS in the headers anywhere? I've just been going out to DNSReports.com and pulling it for the ones I want to add. Easier way? Todd -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Greg Evanitsky Sent: Wednesday, November 08, 2006 12:56 PM To: declude.junkmail@declude.com Subject: Re: [Declude.JunkMail] whitelisting based on rev dns Importance: High On Nov 8, 2006, at 1:24 PM, Craig Edmonds wrote: > How can I whitelist based on Reverse DNS? Create a filter with lines like REVDNS xxx ENDSWITH .abcdefghi.com where xxx is weight to apply. Xxx could be a very high number to cause the message to be deleted or it could be a negative number. In my revdns spam filter I also have the following lines at the top to save processor usage SKIPIFWEIGHT xx STOPATFIRSTHIT If the message's weight already exceeds xx the filter will be skipped. Later, Greg --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] whitelisting based on rev dns
Is the Reverse DNS in the headers anywhere? I've just been going out to DNSReports.com and pulling it for the ones I want to add. Easier way? Todd -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Greg Evanitsky Sent: Wednesday, November 08, 2006 12:56 PM To: declude.junkmail@declude.com Subject: Re: [Declude.JunkMail] whitelisting based on rev dns Importance: High On Nov 8, 2006, at 1:24 PM, Craig Edmonds wrote: > How can I whitelist based on Reverse DNS? Create a filter with lines like REVDNS xxx ENDSWITH .abcdefghi.com where xxx is weight to apply. Xxx could be a very high number to cause the message to be deleted or it could be a negative number. In my revdns spam filter I also have the following lines at the top to save processor usage SKIPIFWEIGHT xx STOPATFIRSTHIT If the message's weight already exceeds xx the filter will be skipped. Later, Greg --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Help with Configuration
Which is what we want to do. I changed my configs and instead of routing to a mailbox, am "holding". The only real reason I wanted to separate was because searhing through a mailbox was a PIA. I downloaded the trial of fpReview as suggested by John and will try that (so far it looks like a great utility!). Thanks! Todd -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Darin Cox Sent: Tuesday, November 07, 2006 6:19 PM To: declude.junkmail@declude.com Subject: Re: [Declude.JunkMail] Help with Configuration Unless, as some prefer, you want to mark the subject in addition to holding. In that case, the old weight statements fit perfectly instead of the newer weightrange. Darin. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Kevin Bilbee Sent: Tuesday, November 07, 2006 2:58 PM To: declude.junkmail@declude.com Subject: RE: [Declude.JunkMail] Help with Configuration Look at using "weightrange" instead of weight to define your weighted tests. It simplifies the weighting and makes it clear on what will happen to the message. Kevin Bilbee > -Original Message- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of > Todd Richards > Sent: Tuesday, November 07, 2006 11:19 AM > To: declude.junkmail@declude.com > Subject: [Declude.JunkMail] Help with Configuration > > Hey Everyone - > > We are just getting things tuned to the point where we are truly happy > with the results we are seeing. What I am trying to do now is help > myself monitor the "close calls". I was sending everything between > "caught" > and > "delete" to a spam mailbox so that I could check for any false > positives. > However, with my new success, that is getting out of hand. So what I > would like to do is set up a new account to help with the overflow and > allow me to really monitor the close ones. > > Here is my weights in my global.cfg file: > > WEIGHT10 WARN > WEIGHT15 WARN > WEIGHT19 HOLD > WEIGHT32 HOLD > WEIGHT60 DELETE > > Here is the corresponding actions that I have in my $default$.junkmail > file: > > WEIGHT10 WARN > WEIGHT15 SUBJECT **SPAM** > WEIGHT19 ROUTETO [EMAIL PROTECTED] > WEIGHT19a SUBJECT [%WEIGHT%] > WEIGHT32 ROUTETO [EMAIL PROTECTED] > WEIGHT32a SUBJECT [%WEIGHT%] > WEIGHT60 DELETE > > My plan with the above is to send everything with a weight of 19-31 to > [EMAIL PROTECTED], and everything from 32-59 to [EMAIL PROTECTED] > What I am hoping to accomplish by this is to keep a closer eye on > those email that might accidentally be caught. Right now, 95% of the > messages are ending up in the [EMAIL PROTECTED] mailbox even if they > are above the WEIGHT32 (which should then go to "spam2"). However, it > does appear that everything over 60 is being deleted. I've checked > all of the config files to make sure I have things set up right, and > it does appear that way. Am I missing something, or is there > something diferent that I should be doing? > > Thanks! > > Todd > > > > > > > > --- > This E-mail came from the Declude.JunkMail mailing list. To > unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type > "unsubscribe Declude.JunkMail". The archives can be found at > http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Help with Configuration
Thanks John. I will look at fpReview. Yeah, browsing the mailbox is a bit slow... :( Todd -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John T (Lists) Sent: Tuesday, November 07, 2006 2:44 PM To: declude.junkmail@declude.com Subject: RE: [Declude.JunkMail] Help with Configuration What I do is send those grey ones to HOLD and then use fpReview to directly view them and take appropriate action. Much faster and easier than using a mailbox. John T eServices For You "Life is a succession of lessons which must be lived to be understood." Ralph Waldo Emerson (1802-1882) > -Original Message- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of > Todd Richards > Sent: Tuesday, November 07, 2006 11:19 AM > To: declude.junkmail@declude.com > Subject: [Declude.JunkMail] Help with Configuration > > Hey Everyone - > > We are just getting things tuned to the point where we are truly happy with > the results we are seeing. What I am trying to do now is help myself > monitor the "close calls". I was sending everything between "caught" > and "delete" to a spam mailbox so that I could check for any false positives. > However, with my new success, that is getting out of hand. So what I would > like to do is set up a new account to help with the overflow and allow > me to > really monitor the close ones. > > Here is my weights in my global.cfg file: > > WEIGHT10 WARN > WEIGHT15 WARN > WEIGHT19 HOLD > WEIGHT32 HOLD > WEIGHT60 DELETE > > Here is the corresponding actions that I have in my $default$.junkmail file: > > WEIGHT10 WARN > WEIGHT15 SUBJECT **SPAM** > WEIGHT19 ROUTETO [EMAIL PROTECTED] > WEIGHT19a SUBJECT [%WEIGHT%] > WEIGHT32 ROUTETO [EMAIL PROTECTED] > WEIGHT32a SUBJECT [%WEIGHT%] > WEIGHT60 DELETE > > My plan with the above is to send everything with a weight of 19-31 to > [EMAIL PROTECTED], and everything from 32-59 to [EMAIL PROTECTED] > What I am hoping to accomplish by this is to keep a closer eye on > those email that might accidentally be caught. Right now, 95% of the > messages are ending up > in the [EMAIL PROTECTED] mailbox even if they are above the WEIGHT32 > (which should then go to "spam2"). However, it does appear that > everything over 60 > is being deleted. I've checked all of the config files to make sure I have > things set up right, and it does appear that way. Am I missing > something, or is there something diferent that I should be doing? > > Thanks! > > Todd > > > > > > > > --- > This E-mail came from the Declude.JunkMail mailing list. To > unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type > "unsubscribe Declude.JunkMail". The archives can be found at > http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Help with Configuration
Thanks Kevin. This is what I was wondering about, so I will look into how to implement. Todd -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Kevin Bilbee Sent: Tuesday, November 07, 2006 2:58 PM To: declude.junkmail@declude.com Subject: RE: [Declude.JunkMail] Help with Configuration Look at using "weightrange" instead of weight to define your weighted tests. It simplifies the weighting and makes it clear on what will happen to the message. Kevin Bilbee > -Original Message- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of > Todd Richards > Sent: Tuesday, November 07, 2006 11:19 AM > To: declude.junkmail@declude.com > Subject: [Declude.JunkMail] Help with Configuration > > Hey Everyone - > > We are just getting things tuned to the point where we are truly happy > with the results we are seeing. What I am trying to do now is help > myself monitor the "close calls". I was sending everything between > "caught" > and > "delete" to a spam mailbox so that I could check for any false > positives. > However, with my new success, that is getting out of hand. So what I > would like to do is set up a new account to help with the overflow and > allow me to really monitor the close ones. > > Here is my weights in my global.cfg file: > > WEIGHT10 WARN > WEIGHT15 WARN > WEIGHT19 HOLD > WEIGHT32 HOLD > WEIGHT60 DELETE > > Here is the corresponding actions that I have in my $default$.junkmail > file: > > WEIGHT10 WARN > WEIGHT15 SUBJECT **SPAM** > WEIGHT19 ROUTETO [EMAIL PROTECTED] > WEIGHT19a SUBJECT [%WEIGHT%] > WEIGHT32 ROUTETO [EMAIL PROTECTED] > WEIGHT32a SUBJECT [%WEIGHT%] > WEIGHT60 DELETE > > My plan with the above is to send everything with a weight of 19-31 to > [EMAIL PROTECTED], and everything from 32-59 to [EMAIL PROTECTED] > What I am hoping to accomplish by this is to keep a closer eye on > those email that might accidentally be caught. Right now, 95% of the > messages are ending up in the [EMAIL PROTECTED] mailbox even if they > are above the WEIGHT32 (which should then go to "spam2"). However, it > does appear that everything over 60 is being deleted. I've checked > all of the config files to make sure I have things set up right, and > it does appear that way. Am I missing something, or is there > something diferent that I should be doing? > > Thanks! > > Todd > > > > > > > > --- > This E-mail came from the Declude.JunkMail mailing list. To > unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type > "unsubscribe Declude.JunkMail". The archives can be found at > http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Help with Configuration
That's what I was wondering too, but then I wondered why it would make it to the WEIGHT60 and get deleted? I think what Kevin suggested with the weightranges would probably work. Todd -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Gary Steiner Sent: Tuesday, November 07, 2006 3:34 PM To: declude.junkmail@declude.com Subject: re: [Declude.JunkMail] Help with Configuration Is it because when it reaches WEIGHT19 and does the ROUTETO [EMAIL PROTECTED], the message is delivered? Then when it tries to perform the action of WEIGHT32 the message is already gone? Does Declude allow for multiple instances of the same action where subsequent actions are performed, or does it perform the action of the same type that occurs first? Is there a precedence on actions of the same type or not? The manual describes precedence for actions of different type (HOLD over WARN for example) but what about actions of the same type (one ROUTETO versus another ROUTETO)? Gary Original Message > From: "Todd Richards" <[EMAIL PROTECTED]> > Sent: Tuesday, November 07, 2006 2:47 PM > To: declude.junkmail@declude.com > Subject: [Declude.JunkMail] Help with Configuration > > Hey Everyone - > > We are just getting things tuned to the point where we are truly happy > with the results we are seeing. What I am trying to do now is help > myself monitor the "close calls". I was sending everything between > "caught" and "delete" to a spam mailbox so that I could check for any false positives. > However, with my new success, that is getting out of hand. So what I > would like to do is set up a new account to help with the overflow and > allow me to really monitor the close ones. > > Here is my weights in my global.cfg file: > > WEIGHT10 WARN > WEIGHT15 WARN > WEIGHT19 HOLD > WEIGHT32 HOLD > WEIGHT60 DELETE > > Here is the corresponding actions that I have in my $default$.junkmail file: > > WEIGHT10 WARN > WEIGHT15 SUBJECT **SPAM** > WEIGHT19 ROUTETO [EMAIL PROTECTED] > WEIGHT19a SUBJECT [%WEIGHT%] > WEIGHT32 ROUTETO [EMAIL PROTECTED] > WEIGHT32a SUBJECT [%WEIGHT%] > WEIGHT60 DELETE > > My plan with the above is to send everything with a weight of 19-31 to > [EMAIL PROTECTED], and everything from 32-59 to [EMAIL PROTECTED] > What I am hoping to accomplish by this is to keep a closer eye on > those email that might accidentally be caught. Right now, 95% of the > messages are ending up in the [EMAIL PROTECTED] mailbox even if they > are above the WEIGHT32 (which should then go to "spam2"). However, it > does appear that everything over 60 is being deleted. I've checked > all of the config files to make sure I have things set up right, and > it does appear that way. Am I missing something, or is there something diferent that I should be doing? > > Thanks! > > Todd > > > > > > > > --- > This E-mail came from the Declude.JunkMail mailing list. To > unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type > "unsubscribe Declude.JunkMail". The archives can be found at > http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] Help with Configuration
Hey Everyone - We are just getting things tuned to the point where we are truly happy with the results we are seeing. What I am trying to do now is help myself monitor the "close calls". I was sending everything between "caught" and "delete" to a spam mailbox so that I could check for any false positives. However, with my new success, that is getting out of hand. So what I would like to do is set up a new account to help with the overflow and allow me to really monitor the close ones. Here is my weights in my global.cfg file: WEIGHT10 WARN WEIGHT15 WARN WEIGHT19 HOLD WEIGHT32 HOLD WEIGHT60 DELETE Here is the corresponding actions that I have in my $default$.junkmail file: WEIGHT10 WARN WEIGHT15 SUBJECT **SPAM** WEIGHT19 ROUTETO [EMAIL PROTECTED] WEIGHT19a SUBJECT [%WEIGHT%] WEIGHT32 ROUTETO [EMAIL PROTECTED] WEIGHT32a SUBJECT [%WEIGHT%] WEIGHT60 DELETE My plan with the above is to send everything with a weight of 19-31 to [EMAIL PROTECTED], and everything from 32-59 to [EMAIL PROTECTED] What I am hoping to accomplish by this is to keep a closer eye on those email that might accidentally be caught. Right now, 95% of the messages are ending up in the [EMAIL PROTECTED] mailbox even if they are above the WEIGHT32 (which should then go to "spam2"). However, it does appear that everything over 60 is being deleted. I've checked all of the config files to make sure I have things set up right, and it does appear that way. Am I missing something, or is there something diferent that I should be doing? Thanks! Todd --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] One step forward, ten back
Thanks for the feedback everyone. As an update to my other email, I received 38 spam messages in the last 12 hours. From what I was used to, this is a 1000% improvement. Obviously our spam account is filling up so I'm going to sort through them and get a feel for what kind of weights they are hitting, then set something else up accordingly. Again, I appreciate the feedback. This does help a lot! Todd -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Kevin Bilbee Sent: Friday, November 03, 2006 12:05 AM To: declude.junkmail@declude.com Subject: RE: [Declude.JunkMail] One step forward, ten back Yes the can coexist but be sure to use weightrange to instead of weight. SPAM-LOWweightrange x x 8 13 SPAM-MEDweightrange x x 14 24 SPAM-HIGH weight x x 25 0 SPAM-LOWSUBJECT [%WEIGHT%] SPAM-MEDHOLD SPAM-HIGH DELETE > -Original Message- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of > Dave Doherty > Sent: Thursday, November 02, 2006 9:20 PM > To: declude.junkmail@declude.com > Subject: Re: [Declude.JunkMail] One step forward, ten back > > > > I wondered if it's > > possible to set another one higher to do the deleting, as > I'm seeing a > > lot of stuff at 40 or more. > > Absolutely. Several action directives can coexist peacefully in your > $default$.junkmail file, like this: > > WEIGHT10 SUBJECT [%WEIGHT%] > WEIGHT20 MAILBOX SPAM > WEIGHT30 DELETE > > Any message scoring at least 10 will have the weight added at the head > of the subject in brackets, like: > > [12] Buy My Stuff! > > Any message with 20-29 points will be diverted to the spam folder, and > anything scoring 30+ will be deleted. > > > > > - Original Message - > From: "Todd Richards" <[EMAIL PROTECTED]> > To: > Sent: Thursday, November 02, 2006 11:55 PM > Subject: RE: [Declude.JunkMail] One step forward, ten back > > > > > > Thanks Dave. Actually, I do, but with settings of weight20 > > spam > > mailbox>. I was worried about too many false positives. I > wondered > > mailbox>if > > it's > > possible to set another one higher to do the deleting, as > I'm seeing a > > lot of stuff at 40 or more. > > > > As an update, I found that I had a discrepancy in my weights. I > > corrected that, and my filtering is doing great now. I > logged into my > > spam mailbox a little bit ago and the few hundred messages > that are in > > there are definitely > > spam. So it's catching things now and keeping them from my > mailbox - > > which > > was my main goal. However, now I'd like to clean things up > just a little > > more... > > > > Todd > > > > > > -Original Message- > > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of > > Dave Doherty > > Sent: Thursday, November 02, 2006 9:34 PM > > To: declude.junkmail@declude.com > > Subject: Re: [Declude.JunkMail] One step forward, ten back > > > > It seems like you're detecting things OK, but not taking > action on the > > results. > > > > Make sure you have directives like > > > > WEIGHT14MAILBOX SPAM > > WEIGHT20DELETE > > > > in your default.junkmail file > > > > > > > > > > - Original Message - > > From: "Todd Richards" <[EMAIL PROTECTED]> > > To: > > Sent: Thursday, November 02, 2006 7:38 PM > > Subject: [Declude.JunkMail] One step forward, ten back > > > > > >> > >> Hi Everyone - > >> > >> We are getting completely hammered by spam and I'm about > at my wits > >> end. A few weeks ago I added a 30-day trial of Message > Sniffer and it > >> doesn't seem > >> to be doing any good. Today, I upgraded to the newest version of > >> Declude. > >> I "think" everything went ok. After reading through the > documentation > >> (again) I went through my global.cfg file and cleaned up > some things that > >> were questionable. For instance, we had several domains > in the WHITELIST > >> TO > >> and WHITELIST FROM. From what I've read and heard through > the lists, > >> it's > >> not a good idea to whitelist anything.In fact, earlier > today I had > >> some > >> spam come through that was "from" a whitelisted doma
RE: [Declude.JunkMail] One step forward, ten back
Thanks Dave. Actually, I do, but with settings of weight20 . I was worried about too many false positives. I wondered if it's possible to set another one higher to do the deleting, as I'm seeing a lot of stuff at 40 or more. As an update, I found that I had a discrepancy in my weights. I corrected that, and my filtering is doing great now. I logged into my spam mailbox a little bit ago and the few hundred messages that are in there are definitely spam. So it's catching things now and keeping them from my mailbox - which was my main goal. However, now I'd like to clean things up just a little more... Todd -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dave Doherty Sent: Thursday, November 02, 2006 9:34 PM To: declude.junkmail@declude.com Subject: Re: [Declude.JunkMail] One step forward, ten back It seems like you're detecting things OK, but not taking action on the results. Make sure you have directives like WEIGHT14MAILBOX SPAM WEIGHT20DELETE in your default.junkmail file - Original Message - From: "Todd Richards" <[EMAIL PROTECTED]> To: Sent: Thursday, November 02, 2006 7:38 PM Subject: [Declude.JunkMail] One step forward, ten back > > Hi Everyone - > > We are getting completely hammered by spam and I'm about at my wits end. > A > few weeks ago I added a 30-day trial of Message Sniffer and it doesn't > seem > to be doing any good. Today, I upgraded to the newest version of Declude. > I "think" everything went ok. After reading through the documentation > (again) I went through my global.cfg file and cleaned up some things that > were questionable. For instance, we had several domains in the WHITELIST > TO > and WHITELIST FROM. From what I've read and heard through the lists, it's > not a good idea to whitelist anything.In fact, earlier today I had > some > spam come through that was "from" a whitelisted domain so it just let it > through. So I commented them out and planned to watch my spam account > (instead of deleting I have caught messages sent to another account for > review) to see the results. > > So... This happened about 5pm tonight. I went through a short spurt but > in > the last 90 minutes since then I alone have received over 150 spam > messages. > Before I made my changes tonight, that is about the number I would receive > in one day (which is still too many). In one message, this was in the > header. To me, it should have failed and been stopped. > > X-Declude-Scan: Incoming Score [39] at 17:59:29 on 02 Nov 2006 > X-Declude-Fail: CBL [6], FIVETEN-SRC [4], SPAMCOP [7], REVDNS [8], ROUTING > [2], SNIFFER [12], WEIGHT10 [10], WEIGHT14 [14], WEIGHT20 [20], WEIGHT20a > [20] > > Does anyone have any suggestions to what I might be doing wrong, or what I > should look at next? Would anyone (off-list) be willing to look at my > config files and see if something is apparently wrong? Are there any > sample > files where a newbie might be able to see how others have theirs set up? > I > have been running Declude for over a year, and with the exception of some > minor tweaks, it's pretty much running "out-of-the-box". For those who > are > interested, I'm running Imail 8.22 (with latest hotfix) on Windows 2000 > server, as well as the Declude Suite, Message Sniffer, and inv-URBL 2.7. > > Thanks for any input or direction you can offer. > > Todd > > > > > > > > --- > This E-mail came from the Declude.JunkMail mailing list. To > unsubscribe, just send an E-mail to [EMAIL PROTECTED], and > type "unsubscribe Declude.JunkMail". The archives can be found > at http://www.mail-archive.com. > > --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] One step forward, ten back
Hi Everyone - We are getting completely hammered by spam and I'm about at my wits end. A few weeks ago I added a 30-day trial of Message Sniffer and it doesn't seem to be doing any good. Today, I upgraded to the newest version of Declude. I "think" everything went ok. After reading through the documentation (again) I went through my global.cfg file and cleaned up some things that were questionable. For instance, we had several domains in the WHITELIST TO and WHITELIST FROM. From what I've read and heard through the lists, it's not a good idea to whitelist anything.In fact, earlier today I had some spam come through that was "from" a whitelisted domain so it just let it through. So I commented them out and planned to watch my spam account (instead of deleting I have caught messages sent to another account for review) to see the results. So... This happened about 5pm tonight. I went through a short spurt but in the last 90 minutes since then I alone have received over 150 spam messages. Before I made my changes tonight, that is about the number I would receive in one day (which is still too many). In one message, this was in the header. To me, it should have failed and been stopped. X-Declude-Scan: Incoming Score [39] at 17:59:29 on 02 Nov 2006 X-Declude-Fail: CBL [6], FIVETEN-SRC [4], SPAMCOP [7], REVDNS [8], ROUTING [2], SNIFFER [12], WEIGHT10 [10], WEIGHT14 [14], WEIGHT20 [20], WEIGHT20a [20] Does anyone have any suggestions to what I might be doing wrong, or what I should look at next? Would anyone (off-list) be willing to look at my config files and see if something is apparently wrong? Are there any sample files where a newbie might be able to see how others have theirs set up? I have been running Declude for over a year, and with the exception of some minor tweaks, it's pretty much running "out-of-the-box". For those who are interested, I'm running Imail 8.22 (with latest hotfix) on Windows 2000 server, as well as the Declude Suite, Message Sniffer, and inv-URBL 2.7. Thanks for any input or direction you can offer. Todd --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] Help - Best Practices
Hi Everyone - First of all, I am running iMail 8.22 on a Windows 2000 server, with Declude 4.09 and invURIBL 2.7. I have a new server on order and will be upgrading to Windows 2003 Server, iMail 2006, and Declude 4.xx in about a month. In the meantime (and probably very much unrelated to the above information)... I'm seeing a lot of spam coming through that I don't think should be making it. I have all the updates that I can find for my current versions of the above. I have not spent much time tweaking so I'm guessing that will be the first place I should start (assuming I figure out exactly what to tweak). When purchased, the above worked fairly well out of the box with some minor adjustments. However, just as times change, so does spam. I have a feeling that is where I am at now. My questions are: - are others also seeing an increase in spam, and if so, what are you doing about it? - is there something else I should be running in addition to the above? We had the "trial" version of MessageSniffer but did not purchase when it quit updating. I don't know if that was the key to our initial success or not. - Last night, for instance, I was seeing a lot of a particular email come in that contained obvious "spam" in the first line ("STOCK A LERT"). So I added another line to my filter-spam.txt file to basically fail these messages. I have not seen any more like it sense. Was that the right move, and is this what it takes to stay on top of it? - Last night I was on Declude's website and ran a BADHEADERS spam test, which made it to my Inbox. I think I need help. I guess I am really wanting to get a better understanding of what practices you are using to combat the day-to-day? Like many on the list I'm sure, I'm a one-man team trying to manage several things at once. I don't expect things to just "work" but they sometimes get pushed aside while they are working. Basically, this is not any more and I want to get back on top of it. I apologize if some of these questions seem obvious but would very much appreciate any feedback or suggestions you have to offer. Thanks! Todd __ Todd Richards [EMAIL PROTECTED] 402.778.7903 --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] invURIBL
Hi John. Thanks for the info. It appears that it is working - and making a difference! :) Todd -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John Doyle Sent: Saturday, April 08, 2006 6:55 AM To: Declude.JunkMail@declude.com Subject: RE: [Declude.JunkMail] invURIBL Todd I added invURBL a couple of months ago. Other than pointing it to a specific Dns, I did not change the config file. They have a good section in the manual about how to config it for use with declude. I raised my domain weight scores for a bit to be sure we were not adding the new invurlb weight to potential false positives, but found few and set them back down to what they were. I think you could add it, as is, without any tweaking and do pretty well. It has worked well for me and I'm happy with the product. Affordable and works as advertised, can't get much better than that. John -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Todd Richards Sent: Friday, April 07, 2006 7:18 AM To: Declude.JunkMail@declude.com Subject: [Declude.JunkMail] invURIBL Per suggestions from others, I am looking to implement invURIBL on our mail server (Imail 8.2x with Declude 4.0.9). I wanted to give it a trial run first, but because of it's low cost and recommendations from others, I will probably just implement it. I'm not much of a tweaker so I'm curious if anyone has any "must tweaks" after installation, or any other recommendations for settings. Thanks for any tips. Todd --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] invURIBL
I installed it several days ago and it has been a very effective test. Darrell was also more than helpful about the setup. Todd Hunter Smart Mail - Original Message - From: "Todd Richards" <[EMAIL PROTECTED]> To: Sent: Friday, April 07, 2006 10:18 AM Subject: [Declude.JunkMail] invURIBL Per suggestions from others, I am looking to implement invURIBL on our mail server (Imail 8.2x with Declude 4.0.9). I wanted to give it a trial run first, but because of it's low cost and recommendations from others, I will probably just implement it. I'm not much of a tweaker so I'm curious if anyone has any "must tweaks" after installation, or any other recommendations for settings. Thanks for any tips. Todd --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] invURIBL
Per suggestions from others, I am looking to implement invURIBL on our mail server (Imail 8.2x with Declude 4.0.9). I wanted to give it a trial run first, but because of it's low cost and recommendations from others, I will probably just implement it. I'm not much of a tweaker so I'm curious if anyone has any "must tweaks" after installation, or any other recommendations for settings. Thanks for any tips. Todd --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Hijack Notification
Thanks Nick and Darin for both of your respones! Todd From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Nick HayerSent: Friday, April 07, 2006 9:32 AMTo: Declude.JunkMail@declude.comSubject: Re: [Declude.JunkMail] Hijack Notification Hi Todd,I run it every 30 min with the Windows scheduler - -Nick - Original Message - From: Todd Richards To: Declude.JunkMail@declude.com Sent: Friday, April 07, 2006 10:02 AM Subject: RE: [Declude.JunkMail] Hijack Notification Hi Nick - I like this. Do I need to set this up as a task, or how will it run? Thanks for any tips. Todd From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Nick HayerSent: Monday, April 03, 2006 3:59 PMTake that code, adjust the paths/email addresses as need be, save it as a .vbs file and give it a twirl. Set the count real low so you can see it work and then set it to whatever alarm level you would like --Nick From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Nick HayerSent: Monday, April 03, 2006 11:03 AMTo: Declude.JunkMail@declude.comSubject: Re: [Declude.JunkMail] Hijack Notification Hi John,>John Doyle wrote: >this guy suggested this.>I'm not sure exactly how. looks like if a count is > some value send the>mail. I was just suggesting that the number of files in the spool dir exceed some number [100?] then send an email. I got the idea from the hijack vbs code [Thanks!] on the declude website which I kludged to work to notify for the spool overflows.. -Nick# spool_mon.vbsfSpool = "e:\imaillogs\spool"aMail = "e:\imail\imail1.exe "mFrom = "-u '[EMAIL PROTECTED]' "mTo1 = "-t '[EMAIL PROTECTED],[EMAIL PROTECTED]' "if GetFileCount(fSpool) > 100 then MailNotice "Spool", GetFileCount(fSpool), mTo1end ifFunction GetFileCount(folderspec) Dim fso, f, f1, fc Set fso = CreateObject("Scripting.FileSystemObject") Set f = fso.GetFolder(folderspec) Set fc = f.Files GetFileCount = fc.countEnd FunctionFunction MailNotice(fname, fcount, mTo) Dim mCmd, mSubj, WshShell set WshShell = WScript.CreateObject("WScript.Shell") mSubj = "-s 'Mail held in " & fname & ": " & fcount & "' " mCmd = aMail & mFrom & mTo & mSubj & "-f placeholder.txt" Return = WshShell.Run(mCmd , 1, TRUE)End Function
RE: [Declude.JunkMail] Hijack Notification
Hi Nick - I like this. Do I need to set this up as a task, or how will it run? Thanks for any tips. Todd From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Nick HayerSent: Monday, April 03, 2006 3:59 PMTake that code, adjust the paths/email addresses as need be, save it as a .vbs file and give it a twirl. Set the count real low so you can see it work and then set it to whatever alarm level you would like --Nick From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Nick HayerSent: Monday, April 03, 2006 11:03 AMTo: Declude.JunkMail@declude.comSubject: Re: [Declude.JunkMail] Hijack Notification Hi John,>John Doyle wrote: >this guy suggested this.>I'm not sure exactly how. looks like if a count is > some value send the>mail. I was just suggesting that the number of files in the spool dir exceed some number [100?] then send an email. I got the idea from the hijack vbs code [Thanks!] on the declude website which I kludged to work to notify for the spool overflows.. -Nick# spool_mon.vbsfSpool = "e:\imaillogs\spool"aMail = "e:\imail\imail1.exe "mFrom = "-u '[EMAIL PROTECTED]' "mTo1 = "-t '[EMAIL PROTECTED],[EMAIL PROTECTED]' "if GetFileCount(fSpool) > 100 then MailNotice "Spool", GetFileCount(fSpool), mTo1end ifFunction GetFileCount(folderspec) Dim fso, f, f1, fc Set fso = CreateObject("Scripting.FileSystemObject") Set f = fso.GetFolder(folderspec) Set fc = f.Files GetFileCount = fc.countEnd FunctionFunction MailNotice(fname, fcount, mTo) Dim mCmd, mSubj, WshShell set WshShell = WScript.CreateObject("WScript.Shell") mSubj = "-s 'Mail held in " & fname & ": " & fcount & "' " mCmd = aMail & mFrom & mTo & mSubj & "-f placeholder.txt" Return = WshShell.Run(mCmd , 1, TRUE)End Function
Re: [Declude.JunkMail] This doesnt add up
The gibberish filter has only "body 0" so no weight is posted in the filter. Weight is only assigned by Declude upon failure of the gibberish filter. - Original Message - From: "Scott Fisher" <[EMAIL PROTECTED]> To: Sent: Wednesday, April 05, 2006 1:13 PM Subject: Re: [Declude.JunkMail] This doesnt add up You are assigning 30/40 points for the failure of the gibberish filter. Are you also scoring points within the gibberish filter. a body 15 contains text would score 15 for that line matching plus the 30 for the filter matching. - Original Message - From: "Todd" <[EMAIL PROTECTED]> To: Sent: Wednesday, April 05, 2006 12:33 PM Subject: Re: [Declude.JunkMail] This doesnt add up I recently changed the Gibberish weight from 30 to 40. SPFPASS spf pass x 0 0 GIBBERISH filter d:\imail\declude\filters\gibberish.txt x 40 0 SPAMCHK external weight "d:\imail\declude\spamchk\spamchk.exe" - Original Message - From: "Darrell ([EMAIL PROTECTED])" <[EMAIL PROTECTED]> To: Sent: Wednesday, April 05, 2006 12:21 PM Subject: Re: [Declude.JunkMail] This doesnt add up Todd, Can you post your gibberish, spamchk, and spfpass lines from your global.cfg as well. Darrell Todd writes: 04/01/2006 22:28:20 Q52D60D410090E5F8 Could not load filter file d:\imail\declude\filters\navsmtpspam.txt.txt. 04/01/2006 22:28:20 Q52D60D410090E5F8 L1 Message OK 04/01/2006 22:28:20 Q52D60D410090E5F8 Tests failed [weight=30]: SUBJECTSPACES7=WARN SUBJECTSPACES10=WARN SPFPASS=WARN SPAMCHK=WARN GIBBERISH=WARN CATCHALLMAILS=IGNORE 04/01/2006 22:28:20 Q52D60D410090E5F8 Action(s) taken for [EMAIL PROTECTED] = IGNORE WARN [LAST ACTION=WARN] 04/01/2006 22:28:20 Q52D60D410090E5F8 Cumulative action(s) taken on this email = IGNORE WARN [LAST ACTION=WARN] - Original Message - From: "Darrell ([EMAIL PROTECTED])" <[EMAIL PROTECTED]> To: Sent: Wednesday, April 05, 2006 11:30 AM Subject: Re: [Declude.JunkMail] This doesnt add up Todd, We would really need to see the Declude log entries for that message to better determine the issue. Can you post that message entry. Darrell --- Check out http://www.invariantsystems.com for utilities for Declude, Imail, mxGuard, and ORF. IMail/Declude Overflow Queue Monitoring, SURBL/URI integration, MRTG Integration, and Log Parsers. Todd writes: A lot of spam has been getting through lately and at first I was thinking my Declude needed some tweaking. I am seeing some funny stuff though. I find emails where emails contain items that should have triggered filters but did not. I am on IMail 8.15 and Declude 2.06. Here is a header of an email where the numbers dont add to the score. It should have had a score of 5 + 15 + 15 + 30 = 65 but instead shows 30 My global.cfg has the following entries for the tests that were triggered SUBJECTSPACES7 subjectspaces 7 x 5 0 SUBJECTSPACES10 subjectspaces 10 x 15 0 SPFPASSspf pass x 0 0 X-RBL-Warning: SUBJECTSPACES7: Subject with at least 7 spaces found. X-RBL-Warning: SUBJECTSPACES10: Subject with at least 10 spaces found. X-RBL-Warning: SPFPASS: SPF returned PASS for this E-mail. X-RBL-Warning: SPAMCHK: Message failed SPAMCHK: 15. X-RBL-Warning: GIBBERISH: Message failed GIBBERISH test (line 463, weight 30) X-Declude-Sender: [EMAIL PROTECTED] [69.89.85.90] X-Note: This E-mail was scanned by Declude JunkMail (www.declude.com) for spam. X-Spam-Tests-Failed: SUBJECTSPACES7, SUBJECTSPACES10, SPFPASS, SPAMCHK, GIBBERISH, CATCHALLMAILS [30] X-Note: Total spam weight of this E-mail is 30 . X-Country-Chain: UNITED STATES->destination X-Note: This E-mail was sent from eveningtrees.com ([69.89.85.90]). --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- Check out http://www.invariantsystems.com for utilities for Declude, Imail, mxGuard, and ORF. IMail/Declude Overflow Queue Monitoring, SURBL/URI integration, MRTG Integration, and Log Parsers. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type &q
Re: [Declude.JunkMail] This doesnt add up
I should have been clearer. They show up in the headers of the emails where they are triggered. Here is an example that again does not add up (30 + 35 - 15 - 15 + 10 = 45) to the weight of 75 Declude has given it. FIVETENSRC ip4r blackholes.five-ten-sg.com 127.0.0.2 30 0 SORBS-DUL ip4r dnsbl.sorbs.net 127.0.0.10 35 0 NOLEGITCONTENT nolegitcontent x x 0 -15 IPNOTINMX ipnotinmx x x 0 -15 SPFUNKNOWN spf unknown x 0 0 COUNTRYFILTER filter d:\imail\declude\filters\countryfilter.txt x 0 0 ( weight 10 in filter) CATCHALLMAILS catchallmails x x 0 0 -- Received: from mail2.smart-mail.net [65.16.167.134] by net.smart-mail.net (SMTPD32-8.15) id A67D1E10156; Mon, 03 Apr 2006 14:24:45 -0500 Received: from fxi.com ([84.220.55.194]) by mail2.smart-mail.net (SMSSMTP 4.0.0.59) with SMTP id M2006040314252611030 for ; Mon, 03 Apr 2006 14:25:27 -0500 Message-ID: <[EMAIL PROTECTED]> Reply-To: "Liviu Gaeth" <[EMAIL PROTECTED]> From: "Liviu Gaeth" <[EMAIL PROTECTED]> To: todd Subject: see new Date: Mon, 3 Apr 2006 15:23:36 -0400 MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="=_NextPart_000_0001_01C65732.93DB6C50" X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2800.1106 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106 X-mxGuard-Info: Processed by net.smart-mail.net using mxGuard v1.5.0 X-mxGuard-Spool-ID: 767d01e101566616 X-mxGuard-Sender: [EMAIL PROTECTED] X-mxGuard-Spam-Score: 0 X-Note: This message has been scanned for spam and viruses using mxGuard for IMail X-RBL-Warning: FIVETENSRC: 194.55.220.84.blackholes.five-ten-sg.com. X-RBL-Warning: SORBS-DUL: This E-mail came from 84.220.55.194, a potential spam source listed in SORBS-DUL. X-RBL-Warning: NOLEGITCONTENT: No content unique to legitimate E-mail detected. X-RBL-Warning: IPNOTINMX: X-RBL-Warning: SPFUNKNOWN: SPF returned UNKNOWN for this E-mail. X-RBL-Warning: COUNTRYFILTER: Message failed COUNTRYFILTER test (line 106, weight 10) X-RBL-Warning: WEIGHT75: Weight of 75 reaches or exceeds the limit of 75. X-Declude-Sender: [EMAIL PROTECTED] [84.220.55.194] X-Note: This E-mail was scanned by Declude JunkMail (www.declude.com) for spam. X-Spam-Tests-Failed: FIVETENSRC, SORBS-DUL, NOLEGITCONTENT, IPNOTINMX, SPFUNKNOWN, COUNTRYFILTER, WEIGHT75, CATCHALLMAILS [75] X-Note: Total spam weight of this E-mail is 75 . X-Country-Chain: ITALY->UNITED STATES->destination X-Note: This E-mail was sent from host-84-220-55-194.cust-adsl.tiscali.it ([84.220.55.194]). X-RCPT-TO: Status: U X-UIDL: 400264161 -- - Original Message - From: "David Barker" <[EMAIL PROTECTED]> To: Sent: Wednesday, April 05, 2006 12:44 PM Subject: RE: [Declude.JunkMail] This doesnt add up Todd, I do not see them in the headers ? X-Spam-Tests-Failed: SUBJECTSPACES7, SUBJECTSPACES10, SPFPASS, SPAMCHK, GIBBERISH, CATCHALLMAILS [30] David B www.declude.com -Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Todd Sent: Wednesday, April 05, 2006 12:56 PM To: Declude.JunkMail@declude.com Subject: Re: [Declude.JunkMail] This doesnt add up Thanks David, both of these tests are not hidden and show up in the headers. Todd - Original Message - From: "David Barker" <[EMAIL PROTECTED]> To: Sent: Wednesday, April 05, 2006 11:47 AM Subject: RE: [Declude.JunkMail] This doesnt add up To reduce false positives NOLEGITCONTENT and IPNOTINMX are hidden tests, check your global.cfg you should see the -5 David B www.declude.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Todd Sent: Wednesday, April 05, 2006 12:22 PM To: Declude.JunkMail@declude.com Subject: [Declude.JunkMail] This doesnt add up A lot of spam has been getting through lately and at first I was thinking my Declude needed some tweaking. I am seeing some funny stuff though. I find emails where emails contain items that should have triggered filters but did not. I am on IMail 8.15 and Declude 2.06. Here is a header of an email where the numbers dont add to the score. It should have had a score of 5 + 15 + 15 + 30 = 65 but instead shows 30 My global.cfg has the following entries for the tests that were triggered SUBJECTSPACES7 subjectspaces 7 x 5 0 SUBJECTSPACES10 subjectspaces 10 x 15 0 SPFPASSspf pass x 0 0 X-RBL-Warning: SUBJECTSPACES7: Subject with at least 7 spaces found. X-RBL-Warning: SUBJECTSPACES10: Subject with at least 10 spaces found. X-RBL-Warning: SPFPASS: SPF returned PASS for this E-mail. X-RBL-Warning: SPAMCHK: Message failed SPAMCHK: 15. X-RBL-Warning: GIBBERISH:
Re: [Declude.JunkMail] This doesnt add up
Here is another one. Spamcheck reports a weight of 90 but Declude only gives it a weight of 55. This is the same reduction of 35 points as on the other email. I have looked through my global.cfg and all my filters for any line containing a weight of -35 that might cause the reduction but I do not see any. The only tests in my global.cfg with negative weights are BONDEDSENDER -50, IPNOTINMX -15, NOLEGITCONTENT -15, and none of them are triggered here. -- Received: from host167-139.discord.birch.net [192.168.1.19] by net.smart-mail.net (SMTPD32-8.15) id A4BB3D2A00C8; Wed, 15 Mar 2006 11:54:03 -0600 X-Bulk: 100 Received: from blue.dnsireland.com ([207.44.154.5]) by host167-139.discord.birch.net (SMSSMTP 4.0.0.59) with SMTP id M2006031511535223753 for ; Wed, 15 Mar 2006 11:53:53 -0600 Received: from nobody by blue.dnsireland.com with local (Exim 4.52) id 1FJaC1-0002Q5-0t for todd; Wed, 15 Mar 2006 17:53:53 + To: todd Subject: Verify your Chase.com account activity From: Chase Banking <[EMAIL PROTECTED]> Reply-To: MIME-Version: 1.0 Content-Type: text/html Content-Transfer-Encoding: 8bit Message-Id: <[EMAIL PROTECTED]> Date: Wed, 15 Mar 2006 17:53:53 + X-AntiAbuse: This header was added to track abuse, please include it with any abuse report X-AntiAbuse: Primary Hostname - blue.dnsireland.com X-AntiAbuse: Original Domain - smart-mail.net X-AntiAbuse: Originator/Caller UID/GID - [99 99] / [47 12] X-AntiAbuse: Sender Address Domain - blue.dnsireland.com X-Source: X-Source-Args: X-Source-Dir: X-mxGuard-Info: Processed by net.smart-mail.net using mxGuard v1.5.0 X-mxGuard-Spool-ID: 54bb3d2a00c86f8f X-mxGuard-Sender: [EMAIL PROTECTED] X-mxGuard-Spam-Score: 0 X-Note: This message has been scanned for spam and viruses using mxGuard for IMail X-RBL-Warning: SPFUNKNOWN: SPF returned UNKNOWN for this E-mail. X-RBL-Warning: SPAMCHK: Message failed SPAMCHK: 90. X-RBL-Warning: NAVGATEWAYHEADER: Message failed NAVGATEWAYHEADER test (line 1, weight 0) X-Declude-Sender: [EMAIL PROTECTED] [207.44.154.5] X-Note: This E-mail was scanned by Declude JunkMail (www.declude.com) for spam. X-Spam-Tests-Failed: SPFUNKNOWN, SPAMCHK, NAVGATEWAYHEADER, CATCHALLMAILS [55] X-Note: Total spam weight of this E-mail is 55 . X-Country-Chain: UNITED STATES->destination X-Note: This E-mail was sent from blue.dnsireland.com ([207.44.154.5]). X-RCPT-TO: Status: R X-UIDL: 400263651 - Original Message - From: "Darrell ([EMAIL PROTECTED])" <[EMAIL PROTECTED]> To: Sent: Wednesday, April 05, 2006 12:21 PM Subject: Re: [Declude.JunkMail] This doesnt add up Todd, Can you post your gibberish, spamchk, and spfpass lines from your global.cfg as well. Darrell Todd writes: 04/01/2006 22:28:20 Q52D60D410090E5F8 Could not load filter file d:\imail\declude\filters\navsmtpspam.txt.txt. 04/01/2006 22:28:20 Q52D60D410090E5F8 L1 Message OK 04/01/2006 22:28:20 Q52D60D410090E5F8 Tests failed [weight=30]: SUBJECTSPACES7=WARN SUBJECTSPACES10=WARN SPFPASS=WARN SPAMCHK=WARN GIBBERISH=WARN CATCHALLMAILS=IGNORE 04/01/2006 22:28:20 Q52D60D410090E5F8 Action(s) taken for [EMAIL PROTECTED] = IGNORE WARN [LAST ACTION=WARN] 04/01/2006 22:28:20 Q52D60D410090E5F8 Cumulative action(s) taken on this email = IGNORE WARN [LAST ACTION=WARN] - Original Message - From: "Darrell ([EMAIL PROTECTED])" <[EMAIL PROTECTED]> To: Sent: Wednesday, April 05, 2006 11:30 AM Subject: Re: [Declude.JunkMail] This doesnt add up --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.