[Declude.JunkMail] yahoo as spam
Hi, I have a customer, she is sending email from her yahoo account to her email address here. It is being caught as spam, as per included log entries. Good ole yahoo, not RFC compliant as the postmaster and abuse email addresses. I have also included my config files. This config has worked very well in the past, almost no false positives and catching approx 85% of all spam. Comments for improvement, please. Thanks, Andy 06/02/2003 05:51:08 Q1e0a290 FIVETENSRC:5 NOPOSTMASTER:3 NOABUSE:2 . Total weight = 10 06/02/2003 05:51:08 Q1e0a290 Msg failed FIVETENSRC (184.129.136.216.blackholes.five-ten-sg.com.). Action=IGNORE. 06/02/2003 05:51:08 Q1e0a290 Msg failed NOPOSTMASTER (Not supporting [EMAIL PROTECTED]). Action=IGNORE. 06/02/2003 05:51:08 Q1e0a290 Msg failed NOABUSE (Not supporting [EMAIL PROTECTED]). Action=IGNORE. 06/02/2003 05:51:08 Q1e0a290 Msg failed WEIGHT10 (Weight of 10 reaches or exceeds the limit of 10.). Action=HOLD. 06/02/2003 05:51:08 Q1e0a290 Subject: Fwd: RE: Ed Tech Day / Joyce Carol Oates 06/02/2003 05:51:08 Q1e0a290 From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] $default$.junkmail BLACKLIST DELETE OSDUL HOLD OSSOFT HOLD ORDBHOLD SPAMCOP HOLD ZONEIN HOLD MAILFROMHOLD SPAMROUTING HOLD PERCENT HOLD WEIGHT10HOLD # Global.cfg: Declude JunkMail configuration file CODE XXX LOGFILE D:\Imail\spool\spam.log LOGLEVELMID LOG_OK NONE HOP 0 DNS 216.153.138.61 CONSOLE OFF IPBYPASS216.153.138.61 # NS1_Thumper XSENDER ON XSPOOLNAME ON XINHEADER X-Note: Checked for SPAM and Viruses by Thumpernet - http://www.thumpernet.com XINHEADER X-note: Total spam weight of the emai is %WEIGHT% XOUTHEADER X-Note: Please send abuse reports to [EMAIL PROTECTED] BLACKLIST fromfile d:\imail\declude\blacklist.txt OSRELAY ip4rrelays.osirusoft.com127.0.0.2 2 0 OSDUL ip4rrelays.osirusoft.com127.0.0.3 OSSRC ip4rrelays.osirusoft.com127.0.0.4 5 0 OSSOFT ip4rrelays.osirusoft.com127.0.0.6 OSLIST ip4rrelays.osirusoft.com127.0.0.7 3 0 SPAMCOP ip4r bl.spamcop.net 127.0.0.2 FIVETENSRC ip4rblackholes.five-ten-sg.com 127.0.0.2 5 0 FIVETENDUL ip4rblackholes.five-ten-sg.com 127.0.0.3 5 0 FIVETENOPTINip4rblackholes.five-ten-sg.com 127.0.0.4 3 0 FIVETENOTHERip4rblackholes.five-ten-sg.com 127.0.0.5 5 0 DSN rhsbl dsn.rfc-ignorant.org127.0.0.2 2 0 NOPOSTMASTERrhsbl postmaster.rfc-ignorant.org 127.0.0.3 3 0 NOABUSE rhsbl abuse.rfc-ignorant.org 127.0.0.4 2 0 MAILFROMenvfrom BADHEADERS badheaders x x 4 0 SPAMHEADERS spamheaders x x 4 0 SPAMROUTING spamrouting HEUR10 heuristics 10 x 5 0 PERCENT percent WEIGHT10weight x x 10 0 WHITELIST FROM [EMAIL PROTECTED] WHITELIST FROM @MAILER-DAEMONitrogen.packetcity.com WHITELIST TO [EMAIL PROTECTED] WHITELIST TO [EMAIL PROTECTED] WHITELIST IP 216.153.138.# Anything from our address space WHITELIST FROM@go2france.com WHITELIST FROM@mail.go2france.com WHITELIST FROM@list.ipswitch.com WHITELIST FROM@declude.com WHITELIST FROM@signup.universalstudios.com #For JGL 1/4/02 WHITELIST FROM @listserv.usairways.com #For Rita 1/4/02 WHITELIST FROM@centro.org #for [EMAIL PROTECTED] 1/7/02 WHITELIST FROM @upstate.edu #for lisa b 2/5/02 WHITELIST FROM @listsrv02.usairways.com WHITELIST FROM @registrars.com WHITELIST FROM @hammond-irving.com #reported to spamcop WHITELIST FROM @hillside.com #Peg 02/12/02 WHITELIST FROM [EMAIL PROTECTED] #Peg 02/22/02 WHITELIST FROM @youngliving.com #Peg 02/27/02 WHITELIST FROM @irco.com #Peg 03/06/02 WHITELIST FROM @TerritoryMortgage.com #Peg 04/04/02 WHITELIST FROM @territoryloan.com #Peg 05/30/02 WHITELIST FROM @skf.com #Peg 06/12/02 WHITELIST FROM @paypal.com #Peg 07/10/02 WHITELIST FROM [EMAIL PROTECTED] #Peg 08/08/02 WHITELIST FROM @usa.redcross.org #Peg 08/19/02 WHITELIST FROM [EMAIL PROTECTED] #Peg 09/19/02 WHITELIST FROM [EMAIL PROTECTED] #for k O'Hara 1/6/03 --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] yahoo as spam
Catching almost no FP with holding at 10? I don't think so. Anything coming from Yahoo.com will then automatically be at half of your hold weight. This is a known problem with Yahoo. Couple of recommendations. Change your weighting setup. Setup a white filter. User another external program to help whitelist. (Sorry, cheap plug.) Adjust your weights. Setup a grey filter. Etc. Also, SpamCop has been discussed a couple of times in IMO does not warrant a HOLD. Personally, I do not use FIVTENSCR. John Tolmachoff MCSE CSSA Engineer/Consultant eServices For You www.eservicesforyou.com -Original Message- From: [EMAIL PROTECTED] [mailto:Declude.JunkMail- [EMAIL PROTECTED] On Behalf Of andyb Sent: Monday, June 02, 2003 10:16 AM To: [EMAIL PROTECTED] Subject: [Declude.JunkMail] yahoo as spam Hi, I have a customer, she is sending email from her yahoo account to her email address here. It is being caught as spam, as per included log entries. Good ole yahoo, not RFC compliant as the postmaster and abuse email addresses. I have also included my config files. This config has worked very well in the past, almost no false positives and catching approx 85% of all spam. Comments for improvement, please. Thanks, Andy 06/02/2003 05:51:08 Q1e0a290 FIVETENSRC:5 NOPOSTMASTER:3 NOABUSE:2 . Total weight = 10 06/02/2003 05:51:08 Q1e0a290 Msg failed FIVETENSRC (184.129.136.216.blackholes.five-ten-sg.com.). Action=IGNORE. 06/02/2003 05:51:08 Q1e0a290 Msg failed NOPOSTMASTER (Not supporting [EMAIL PROTECTED]). Action=IGNORE. 06/02/2003 05:51:08 Q1e0a290 Msg failed NOABUSE (Not supporting [EMAIL PROTECTED]). Action=IGNORE. 06/02/2003 05:51:08 Q1e0a290 Msg failed WEIGHT10 (Weight of 10 reaches or exceeds the limit of 10.). Action=HOLD. 06/02/2003 05:51:08 Q1e0a290 Subject: Fwd: RE: Ed Tech Day / Joyce Carol Oates 06/02/2003 05:51:08 Q1e0a290 From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] $default$.junkmail BLACKLIST DELETE OSDUL HOLD OSSOFT HOLD ORDBHOLD SPAMCOP HOLD ZONEIN HOLD MAILFROMHOLD SPAMROUTING HOLD PERCENT HOLD WEIGHT10HOLD # Global.cfg: Declude JunkMail configuration file CODE XXX LOGFILE D:\Imail\spool\spam.log LOGLEVELMID LOG_OK NONE HOP 0 DNS 216.153.138.61 CONSOLE OFF IPBYPASS216.153.138.61 # NS1_Thumper XSENDER ON XSPOOLNAME ON XINHEADER X-Note: Checked for SPAM and Viruses by Thumpernet - http://www.thumpernet.com XINHEADER X-note: Total spam weight of the emai is %WEIGHT% XOUTHEADER X-Note: Please send abuse reports to [EMAIL PROTECTED] BLACKLIST fromfile d:\imail\declude\blacklist.txt OSRELAY ip4rrelays.osirusoft.com127.0.0.2 2 0 OSDUL ip4rrelays.osirusoft.com127.0.0.3 OSSRC ip4rrelays.osirusoft.com127.0.0.4 5 0 OSSOFT ip4rrelays.osirusoft.com127.0.0.6 OSLIST ip4rrelays.osirusoft.com127.0.0.7 3 0 SPAMCOP ip4r bl.spamcop.net 127.0.0.2 FIVETENSRC ip4rblackholes.five-ten-sg.com 127.0.0.2 5 0 FIVETENDUL ip4rblackholes.five-ten-sg.com 127.0.0.3 5 0 FIVETENOPTINip4rblackholes.five-ten-sg.com 127.0.0.4 3 0 FIVETENOTHERip4rblackholes.five-ten-sg.com 127.0.0.5 5 0 DSN rhsbl dsn.rfc-ignorant.org127.0.0.2 2 0 NOPOSTMASTERrhsbl postmaster.rfc-ignorant.org 127.0.0.3 3 0 NOABUSE rhsbl abuse.rfc-ignorant.org 127.0.0.4 2 0 MAILFROMenvfrom BADHEADERS badheaders x x 4 0 SPAMHEADERS spamheaders x x 4 0 SPAMROUTING spamrouting HEUR10 heuristics 10 x 5 0 PERCENT percent WEIGHT10weight x x 10 0 WHITELIST FROM [EMAIL PROTECTED] WHITELIST FROM @MAILER-DAEMONitrogen.packetcity.com WHITELIST TO [EMAIL PROTECTED] WHITELIST TO [EMAIL PROTECTED] WHITELIST IP 216.153.138.# Anything from our address space WHITELIST FROM@go2france.com WHITELIST FROM@mail.go2france.com WHITELIST FROM@list.ipswitch.com WHITELIST FROM@declude.com WHITELIST FROM@signup.universalstudios.com #For JGL 1/4/02 WHITELIST FROM @listserv.usairways.com #For Rita 1/4/02 WHITELIST FROM@centro.org #for [EMAIL PROTECTED] 1/7/02 WHITELIST FROM @upstate.edu #for lisa b 2/5/02 WHITELIST FROM @listsrv02.usairways.com WHITELIST FROM @registrars.com WHITELIST FROM @hammond-irving.com #reported to spamcop WHITELIST FROM @hillside.com #Peg 02/12/02 WHITELIST FROM [EMAIL PROTECTED] #Peg 02/22/02
Re: [Declude.JunkMail] yahoo as spam
Ok, This is good for general info. Care to me more specific? - Original Message - From: John Tolmachoff (Lists) [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Monday, June 02, 2003 11:36 AM Subject: RE: [Declude.JunkMail] yahoo as spam Catching almost no FP with holding at 10? I don't think so. Anything coming from Yahoo.com will then automatically be at half of your hold weight. This is a known problem with Yahoo. Couple of recommendations. Change your weighting setup. Setup a white filter. User another external program to help whitelist. (Sorry, cheap plug.) Adjust your weights. Setup a grey filter. Etc. Also, SpamCop has been discussed a couple of times in IMO does not warrant a HOLD. Personally, I do not use FIVTENSCR. John Tolmachoff MCSE CSSA Engineer/Consultant eServices For You www.eservicesforyou.com -Original Message- From: [EMAIL PROTECTED] [mailto:Declude.JunkMail- [EMAIL PROTECTED] On Behalf Of andyb Sent: Monday, June 02, 2003 10:16 AM To: [EMAIL PROTECTED] Subject: [Declude.JunkMail] yahoo as spam Hi, I have a customer, she is sending email from her yahoo account to her email address here. It is being caught as spam, as per included log entries. Good ole yahoo, not RFC compliant as the postmaster and abuse email addresses. I have also included my config files. This config has worked very well in the past, almost no false positives and catching approx 85% of all spam. Comments for improvement, please. Thanks, Andy 06/02/2003 05:51:08 Q1e0a290 FIVETENSRC:5 NOPOSTMASTER:3 NOABUSE:2 . Total weight = 10 06/02/2003 05:51:08 Q1e0a290 Msg failed FIVETENSRC (184.129.136.216.blackholes.five-ten-sg.com.). Action=IGNORE. 06/02/2003 05:51:08 Q1e0a290 Msg failed NOPOSTMASTER (Not supporting [EMAIL PROTECTED]). Action=IGNORE. 06/02/2003 05:51:08 Q1e0a290 Msg failed NOABUSE (Not supporting [EMAIL PROTECTED]). Action=IGNORE. 06/02/2003 05:51:08 Q1e0a290 Msg failed WEIGHT10 (Weight of 10 reaches or exceeds the limit of 10.). Action=HOLD. 06/02/2003 05:51:08 Q1e0a290 Subject: Fwd: RE: Ed Tech Day / Joyce Carol Oates 06/02/2003 05:51:08 Q1e0a290 From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] $default$.junkmail BLACKLIST DELETE OSDUL HOLD OSSOFT HOLD ORDBHOLD SPAMCOP HOLD ZONEIN HOLD MAILFROMHOLD SPAMROUTING HOLD PERCENT HOLD WEIGHT10HOLD # Global.cfg: Declude JunkMail configuration file CODE XXX LOGFILE D:\Imail\spool\spam.log LOGLEVELMID LOG_OK NONE HOP 0 DNS 216.153.138.61 CONSOLE OFF IPBYPASS216.153.138.61 # NS1_Thumper XSENDER ON XSPOOLNAME ON XINHEADER X-Note: Checked for SPAM and Viruses by Thumpernet - http://www.thumpernet.com XINHEADER X-note: Total spam weight of the emai is %WEIGHT% XOUTHEADER X-Note: Please send abuse reports to [EMAIL PROTECTED] BLACKLIST fromfile d:\imail\declude\blacklist.txt OSRELAY ip4rrelays.osirusoft.com127.0.0.2 2 0 OSDUL ip4rrelays.osirusoft.com127.0.0.3 OSSRC ip4rrelays.osirusoft.com127.0.0.4 5 0 OSSOFT ip4rrelays.osirusoft.com127.0.0.6 OSLIST ip4rrelays.osirusoft.com127.0.0.7 3 0 SPAMCOP ip4r bl.spamcop.net 127.0.0.2 FIVETENSRC ip4rblackholes.five-ten-sg.com 127.0.0.2 5 0 FIVETENDUL ip4rblackholes.five-ten-sg.com 127.0.0.3 5 0 FIVETENOPTINip4rblackholes.five-ten-sg.com 127.0.0.4 3 0 FIVETENOTHERip4rblackholes.five-ten-sg.com 127.0.0.5 5 0 DSN rhsbl dsn.rfc-ignorant.org127.0.0.2 2 0 NOPOSTMASTERrhsbl postmaster.rfc-ignorant.org 127.0.0.3 3 0 NOABUSE rhsbl abuse.rfc-ignorant.org 127.0.0.4 2 0 MAILFROMenvfrom BADHEADERS badheaders x x 4 0 SPAMHEADERS spamheaders x x 4 0 SPAMROUTING spamrouting HEUR10 heuristics 10 x 5 0 PERCENT percent WEIGHT10weight x x 10 0 WHITELIST FROM [EMAIL PROTECTED] WHITELIST FROM @MAILER-DAEMONitrogen.packetcity.com WHITELIST TO [EMAIL PROTECTED] WHITELIST TO [EMAIL PROTECTED] WHITELIST IP 216.153.138.# Anything from our address space WHITELIST FROM@go2france.com WHITELIST FROM@mail.go2france.com WHITELIST FROM@list.ipswitch.com WHITELIST FROM@declude.com WHITELIST FROM@signup.universalstudios.com #For JGL 1/4/02 WHITELIST FROM @listserv.usairways.com #For Rita 1/4/02 WHITELIST FROM@centro.org #for [EMAIL PROTECTED] 1/7/02 WHITELIST FROM @upstate.edu #for lisa
Re[2]: [Declude.JunkMail] yahoo as spam
Lets just hope John adds a global whitelist.. If one person is talking to a client then others should also be as easily get an email from that client- regardless of their level of communication with him/her. While effective in low-traffic environments, wouldn't this potentially create a *huge* and resource-hungry whitelist? When every outgoing e-mail requires the updating of a single file, and every incoming e-mail requires the scanning of that same file...ugh. And the alternative, the scanning of (potentially) every user's individual AutoWhite file on incoming, while faster on outgoing, would also be ugh-worthy. Perhaps there's a more advanced logic that could be employed, though. -Sandy Sanford Whiteman, Chief Technologist Broadleaf Systems, a division of Cypress Integrated Systems, Inc. e-mail: [EMAIL PROTECTED] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: Re[2]: [Declude.JunkMail] yahoo as spam
Sany... You are right.. Did not think about it.. But lets take the opposite side.. Just for kicks.. If mathematically we know that more than 50% .. (if not more) of all emails are spam.. Would that mathematically not be to our benefit. It somehow seems that having a database of legit emails is faster than illegitmate emails now that the tilt is on bad emails. But you are right.. It is huge. Regards, Kami -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Sanford Whiteman Sent: Monday, June 02, 2003 2:27 PM To: Kami Razvan Subject: Re[2]: [Declude.JunkMail] yahoo as spam Lets just hope John adds a global whitelist.. If one person is talking to a client then others should also be as easily get an email from that client- regardless of their level of communication with him/her. While effective in low-traffic environments, wouldn't this potentially create a *huge* and resource-hungry whitelist? When every outgoing e-mail requires the updating of a single file, and every incoming e-mail requires the scanning of that same file...ugh. And the alternative, the scanning of (potentially) every user's individual AutoWhite file on incoming, while faster on outgoing, would also be ugh-worthy. Perhaps there's a more advanced logic that could be employed, though. -Sandy Sanford Whiteman, Chief Technologist Broadleaf Systems, a division of Cypress Integrated Systems, Inc. e-mail: [EMAIL PROTECTED] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.