Nick,
What I've done, and I can't be sure its working, is to set up my client's
SPF records like this:
v=spf1 ip4:[my ip mx range] ip4:[client ip mx range] mx ~all
The range format is nnn.nnn.nnn.nnn/nn
I haven't had complaints about SPF rejects.
George
-Original Message-
From:
Nick,
Sorry about my last email. I thought you were referring to outbound
forwarding, not inbound.
George
-Original Message-
From: [EMAIL PROTECTED] [mailto:Declude.JunkMail-
[EMAIL PROTECTED] On Behalf Of Nick Hayer
Sent: Saturday, March 04, 2006 3:27 PM
To:
Hear hear.
-Original Message-
From: [EMAIL PROTECTED] [mailto:Declude.JunkMail-
[EMAIL PROTECTED] On Behalf Of Matt
Sent: Saturday, March 04, 2006 4:36 PM
To: Declude.JunkMail@declude.com
Subject: Re: [Declude.JunkMail] spf breaks email forwarding -
Someone could write a plug-in
Scott,
Thanks very much for the info.
George
-Original Message-
From: [EMAIL PROTECTED] [mailto:Declude.JunkMail-
[EMAIL PROTECTED] On Behalf Of Scott Fisher
Sent: Wednesday, March 01, 2006 12:14 PM
To: Declude.JunkMail@declude.com
Subject: [Declude.JunkMail] MXRATE FYI
FYI:
I noticed a console.txt file after upgrading
to v4. This appears to have the summary line information from the V1
Console (deccon.exe).
Is this a step towards the Console functionality being added
back (I hope)?
V4 seems to be OK so far.
Thanks,
George
Same here too.
-Original Message-
From: [EMAIL PROTECTED] [mailto:Declude.JunkMail-
[EMAIL PROTECTED] On Behalf Of Dave Doherty
Sent: Friday, February 10, 2006 2:27 PM
To: Declude.JunkMail@declude.com
Subject: Re: [Declude.JunkMail] Changes @ Declude
Same here...
-
Hi Andy,
Like you, I didn't get the e-mail from Barry. I did do as Kevin suggested
in an earlier e-mail in this thread and called Barry. We had a very
pleasant conversation during which he explained everything to me and
answered all of my questions to my satisfaction.
It's too bad that so many
I agree in theory, but the user is the end judge of what they need from a
business standpoint. So, add elabs6.com to the list.
George
-Original Message-
From: [EMAIL PROTECTED] [mailto:Declude.JunkMail-
[EMAIL PROTECTED] On Behalf Of Erik
Sent: Wednesday, February 08, 2006 3:11 PM
Mike,
If you use LOGLEVEL HIGH, the actual match will show in the JunkMail log.
George
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Mike Gable
Sent: Wednesday, December 31, 2003 11:59 AM
To: Declude (E-mail 2)
Subject: [Declude.JunkMail]
Dan,
Why not use Kami's Nigerian Filter? He's done all of the work for you.
Just remember to thank him.
George
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Dan Geiser
Sent: Wednesday, December 31, 2003 12:15 PM
To: [EMAIL PROTECTED]
Subject:
John,
If you need to do more that group by e-mail, what I do is to import the log
into SQL2000 as a single column and then parse it with a T-SQL script using
keywords, key phrases, unique characters and spaces in specific locations.
Works really well and very fast.
George
-Original
be surprised to
see them
never hit.
Matt
George Kulman wrote:
Matt,
I use LOGLEVEL HIGH for my data collection and analysis
stuff and, as Bill
pointed out, all hits are reflected.
I've started to use SKIPIFWEIGHT. The result of course is
that filters are
bypassed
Matt,
I have no desire to get into an argument or flaming contest with you.
We agree that standard filters have a valuable place in this environment
and we both use standard filters.
We agree that neither of us have the desire to spend countless hours
tweaking filters and that automated solutions
Matt,
On Dec 11th, Scott replied to John Tolmachoff:
---
A while back, I had asked about the comparison in performance of a fromfile
and a filter using MAILFROM ENDSWITH.
But wouldn't Declude stop processing a fromfile as soon as a match is found,
where in a filter
Matt,
I thought you might be interested in the attached data which analyzes the
GIBBERISH and ANTI-GIBBERISH filters by number of hits on my system from
11/15 through yesterday.
If you're looking for effectiveness you should set the entries in
descending order of probability. I use a variation
the trouble. Data like this
will make a much bigger impact on performance if you run it against
filters where hits can only occur once in a file due to
unique data or
exact matching. Kami has a bunch of those.
Thanks,
Matt
George Kulman wrote:
Matt,
I thought you might
Matt,
I do only use filters that work. There are a number of situations however
that I believe make it impossible to effectively use only off the shelf
filters. There are also valid reasons to perform my own analysis of filter
effectiveness:
First, everyone's spam mix is different, just as
Scott,
Has the END problem been fixed and released yet?
Thanks,
George
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.JunkMail mailing list. To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type
Scott,
Would it be possible to add the filter name to the log entry indicating the
SKIPIFWEIGHT action (samples below).
12/09/2003 00:01:14 Q5703017b01e6dac7 Filter: Not skipping E-mail due to
current weight of 36.
12/09/2003 00:01:14 Q5703017b01e6dac7 FILTER: Skipping E-mail with a current
In using the WHITELISTFILE option can the subdomain be example.com or must
it be .example.com?
In other words, if I want to whitelist mail from a domain that also has
subdomains can I just use the entry of example.com or am I required to
have the multiple entries of @example.com and .example.com?
Bill Daniel,
I'm running the 1.77 Beta with 8.04 have the same problem.
George
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Bill Landry
Sent: Monday, December 08, 2003 8:52 PM
To: [EMAIL PROTECTED]
Subject: Re: [Declude.JunkMail] END
that are known
to be forwarding to my server which should have the same effect as a
selective use of multiple hop scanning.
Matt
George Kulman wrote:
Matt,
I do scan multiple hops.
George
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf
John,
This is probably more than you wanted but I didn't want to post Scott's
explanation out of context.
I had a HiJack / Junkmail situation in August. This related to mail where I
am the secondary MX. HiJack was doing a very effective job of trapping
volume SPAM but I noticed that SPAM was
for this ?
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
George Kulman
Sent: 6. desember 2003 09:49
To: [EMAIL PROTECTED]
Subject: RE: [Declude.JunkMail] The first time BONDEDSENDER
didn't work for me me
IPBYPASS is great except for the 20 entry
Scott,
There was a thread started the other day regarding the limitation of 20
IPBYPASS entries. I mentioned in a separate thread that I require 23 for
ATT forwarders plus my secondary MX's and a couple of other forwarders used
by my clients.
Can you increase the number of entries to a more
Keith,
Thanks. I hadn't seen it but I'll be on the lookout now.
George
-Original Message-
From: Keith Johnson [mailto:[EMAIL PROTECTED] On Behalf Of
Keith Johnson
Sent: Saturday, December 06, 2003 2:10 PM
To: [EMAIL PROTECTED]
Subject: RE: [Declude.JunkMail] Declude not taking action
Marc
Don't forget 64.119.208.0/24
George
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Marc Catuogno
Sent: Saturday, December 06, 2003 2:42 PM
To: [EMAIL PROTECTED]
Subject: [Declude.JunkMail] High % of spam from this IP range:
Rob,
Your backup and gateways should have IPBYPASS entries in the GLOBAL.CFG.
The BONDEDSENDER should be the originating Server and that should be what's
used for this test.
I discontinued use within a few days since was letting spam through with it
and there were other ways to handle the
started
to scan on
multiple hops yet, so this doesn't come into play.
Matt
George Kulman wrote:
Rob,
Your backup and gateways should have IPBYPASS entries in the
GLOBAL.CFG.
The BONDEDSENDER should be the originating Server and that
should be what's
used for this test.
I
a static IP. For remote client VPN a static IP will also be
needed on the second.
An experienced user can set each one up from scratch (out of the box) in 15
min including VPN.
Feel free to contact me OL or by phone (6 AM - 11 PM) EST.
George Kulman
Partner
Ridge Systems, L.L.C.
Cell - 201
THANK YOU Scott!
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of R.
Scott Perry
Sent: Friday, November 14, 2003 9:44 AM
To: [EMAIL PROTECTED]
Subject: Re: [Declude.JunkMail] Request for additional
filtering functionality
As I continue to
Hi all,
I have an IMail client who doesn't have budget funds available for Declude
where these are easily filterable. A fair amount of their spam contains a
URL redirection such as:
http://drs.yahoo.com/effloresce/*http://click.com-click.com.ph/click.php?id=
leneyeiID=40gi=hallmark
1. Is
does use it
themselves of course, and they also have it configured for links in
messages sent by third parties, such as Classmates for instance.
Matt
George Kulman wrote:
Hi all,
I have an IMail client who doesn't have budget funds available for Declude
where these are easily filterable
themselves of course, and they also have it configured for links in
messages sent by third parties, such as Classmates for instance.
Matt
George Kulman wrote:
Hi all,
I have an IMail client who doesn't have budget funds available for Declude
where these are easily filterable. A fair
Katie,
If you want the fully loaded mail / recipient count on the incomings try
find RCPT TO: sys.txt /C /I
George
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of R.
Scott Perry
Sent: Wednesday, November 12, 2003 6:39 PM
To:
of
legitimate mail.
Third, in the beginning, use a COPYTO yourself or a special mailbox so that
you can screen what's being deleted and easily recover a copy if needed.
George Kulman
Partner
Ridge Systems, L.L.C.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf
Title: Message
Harry,
A
filter line of:
BODY
CONTAINS 0 %3982%30%37.biz
will
handle it just fine. I usually leave the www out of the filter to make it
a shorter comparison.
George
-Original Message-From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
On Behalf Of Harry
Scott,
Could this be done with some form of DNS based test where the test result(s)
are only used in the $default$.junkmail for the specific domain?
George
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of R.
Scott Perry
Sent: Wednesday, September
The following ipblacklist entry with a high enough weight to reject will
kill their stuff:
64.119.218.192/27 advertisingbymail.com
George
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Greg Foulks
Sent: Tuesday, September 02, 2003 10:16 AM
Greg,
After checking my ipblacklist, I have the entire Class C blocked due to
multiple spammers. The entry is:
64.119.218.0/24 Assorted SPAM
George
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Greg Foulks
Sent: Tuesday, September 02, 2003
Rusty,
Since they're all trying to get your money, they always have a URL or phone
number, possibly obfuscated, which you can block with a filter if you have
the PRO Version. I think that this is my fastest growing filter file.
George
-Original Message-
From: [EMAIL PROTECTED]
Title: Message
Kami,
Why
not
MAILFROM0STARTSWITH*@
George
-Original Message-From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
On Behalf Of Kami RazvanSent: Tuesday, August 19, 2003 7:34
AMTo: [EMAIL PROTECTED]Subject:
[Declude.JunkMail] Picking up just User Name in email?
Title: Message
Kami,
Please
whitelist my Almost-On-Line.com domain which I use for AOL convertees and also
use as a honey pot.
George KulmanPartnerRidge Systems,
L.L.C.
-Original Message-From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
On Behalf Of Kami RazvanSent:
60% SPAM.
There are many tools available as well as filter lists that you can use as a
starting point - check the Declude web site for Tools.
George Kulman
Partner
Ridge Systems, L.L.C.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]] On Behalf Of Dan Geiser
Sent
/27
A. from 216.162.101.110 to 216.162.101.141 or
B. from 216.192.101.96 to 216.162.101.127
TIA,
George Kulman
Partner
Ridge Systems, L.L.C.
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.JunkMail mailing list
enable us to set a time period for
retention of entries in the file, 10 days for example. That would keep the
list from growing infinitely.
George Kulman
Partner
Ridge Systems, L.L.C.
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from
Thanks
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]] On Behalf Of R. Scott Perry
Sent: Sunday, February 02, 2003 9:12 AM
To: [EMAIL PROTECTED]
Subject: Re: [Declude.JunkMail] IPBlacklist CIDR Question
When JunkMail does a CIDR calculation from an entry in
Thanks again Scott.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]] On Behalf Of R. Scott Perry
Sent: Sunday, February 02, 2003 9:28 AM
To: [EMAIL PROTECTED]
Subject: Re: [Declude.JunkMail] HiJack Enhancement
I find that HiJack catches a meaningful amount of SPAM
as JunkMail is parsing to do its thing on each of the hops. I have
HOPHIGH 6 in my GLOBAL.CFG.
I realize that this particular piece of SPAM has been identified as such by
many other tests, but that's not the question here.
As always, thanks for the time.
George Kulman
Partner
Ridge Systems
Scott,
OK. I'll leave you alone for the rest of today G.
BTW, HiJack has trapped over 500 pieces of SPAM this weekend for 2 domains
whose Primary MX's have been up and running the entire time. JunkMail got
another 400+ for 1 of those domains. Just shows how the spammers are going
after the
Scott,
I run Junkmail at a log setting of HIGH. After switching to 166i11 I have
noticed that the last log entry for every e-mail reads Final Action =
IGNORE.
This is the case even though various tests may show Actions of WARN, COPYTO,
or ROUTETO. What's the story?
Thanks,
George Kulman
They belong on the same list as Citicorp its subsidiaries.
George
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]] On Behalf Of Sanford Whiteman
Sent: Thursday, January 09, 2003 2:54 AM
To: [EMAIL PROTECTED]
Subject: [Declude.JunkMail] OT: Pots Kettles in the
David,
You'll also have to put a line in your $default$.junkmail (and
GLOBAL.CFG for outgoing) if you want to see the test result in the
headers.
George
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]] On Behalf Of David
Lewis-Waller
Sent: Thursday, November 28,
David,
It would have been nice if I mentioned that the line to be added is:
MYFILTERWARN
George
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]] On Behalf Of David
Lewis-Waller
Sent: Thursday, November 28, 2002 8:42 AM
To: [EMAIL PROTECTED]
Subject:
in an
email such as the example below if every hop were processed. I realize
that this example is still being identified as spam but there are others
that have slipped through in the past. This is just meant to examine
the multi hop question.
Thanks,
George Kulman
Partner
Ridge Systems, L.L.C.
Other
Scott,
Could you activate horizontal scroll capability for the window. Even at
full screen there's information that's not visible on the right hand
side and no scroll capability exists.
Thanks,
George Kulman
Partner
Ridge Systems, L.L.C.
Cell - 201-647-3250 or 516-582-0019
Office - 201-291
Roland,
TESTNAMEROUTETO [EMAIL PROTECTED]
Example
BLACKLIST ROUTETO [EMAIL PROTECTED]
George Kulman
Partner
Ridge Systems, L.L.C.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]] On Behalf Of Roland Braun
Sent: Wednesday, October 02, 2002 2:17 AM
Scott,
Thanks very much.
George
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]] On Behalf Of R. Scott Perry
Sent: Sunday, September 29, 2002 9:14 AM
To: [EMAIL PROTECTED]
Subject: Re: [Declude.JunkMail] MAILTO Filter Request
There was a question last month
Scott,
When you do get to consider this please think about something like STOP
to stop testing further in the individual filter or test, and STOPALL to
stop all further testing.
Thanks,
George
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]] On Behalf Of R.
Steve,
From the Junkmail Manual:
To blacklist a range of IPs, you can use CIDR style IP ranges. For
example, 127.0.0.0/8 would blacklist all addresses from 127.0.0.0
through 127.255.255.255. 127.0.0.0/24 would blacklist the Class C
range from 127.0.0.0 through 127.0.0.255.
George Kulman
Title: Message
I
really couldn't help laughing at discovering spam this morning through an open
relay at: mail.kcpd.org
Kansas
City, MO Police Department
Where's SPAMCOP when you need them.
George
Kulman
Partner
Ridge
Systems, L.L.C.
Analytically correct
George
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]] On Behalf Of Sharyn Schmidt
Sent: Tuesday, September 24, 2002 10:05 AM
To: [EMAIL PROTECTED]
Subject: RE: [Declude.JunkMail] spam rec'd using internal return address
question on this
Scott,
For the wish list please - An additional filter type (or flag) that
would exit after the first match.
I've been pretty successful with filtering MAILFROM and, to speed up
processing it would be beneficial if the filter processing could end
after a match. The same would apply to an IP
63 matches
Mail list logo