RE: [Declude.JunkMail] Surbl.org
Everything SpamChk does can be done with SA rules, AFAIK (not that those rules have been precisely reproduced as yet). I swear we haven't tried to copy anything from the SA rules. If there is something similar then because both their and our research has identified the same good indicators. Beginning our work we've found something interesting and tried it out on our server. After two weeks we've had a lot of false negatives for this test and found out that SA has added the same test to their official rules. As I can understand spammers are investigating the well known and often implemented SA and adapt their outgoing messages to slip trough the actual rules. Especially negative points. I'm not sure about this but I wonder if spammers hasn't tried it already. None of this is any slur whatsoever on Markus and his handiwork, which we use as well. Anyway, SURBL will probably get into Declude soon enough, per Scott. SpamChk does already extract all links from the body. The next step would be to implement some lookup feature - and that would be new for SpamChk. So we've decided to remain in our primary area (content based tests) without adding remote lookup functionality. There are other tests I've allready identified as good indicators. However I hope to see SURBL soon as an additional Declude test. Markus --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Surbl.org
However I hope to see SURBL soon as an additional Declude test. I just got caught up on this thread and checked out the website for SURBL and I agree! This would help with the stuff that passes all of the other tests. Sheldon Sheldon Koehler, Sr. SysAdminhttp://www.tenforward.com Ten Forward Communications 360-457-9023 Nationwide access, neighborhood support! Whenever you find yourself on the side of the majority, it's time to pause and reflect. Mark Twain --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Surbl.org
However I hope to see SURBL soon as an additional Declude test. I just got caught up on this thread and checked out the website for SURBL and I agree! This would help with the stuff that passes all of the other tests. Sheldon Hi, SURBL is surprisingly effective, considering the fact that it only contains about 450-500 entries. I have written a simple command script that downloads the rbldns zone file and converts it to a body filter. I have scheduled it to run once a day. Here are yesterday's stats with 9666 hits for the SURBL test (note that the individual tests show total number of hits, while the spam summary only counts one hit per message irrespective of the number of recipients): # Declude test results -- dec0412.log AHBL-PROXY 1857 AHBL-RHSBL 835 AHBL-SOURCE 302 BADHEADERS 1610 BASE64-PLUS 412 BASE64 786 CBL 10616 COMMENTS 54 DSBL 8875 DSN 1611 FORGEDLOCAL 781 GREYLIST 5 HELOBOGUS 2616 MAILFROM 487 MAILPOLICE 554 MESSAGE OK 2294 NETBL 463 OPM 554 ORDB 24 REVDNS 3028 RSL 673 SBL 571 SNIFFER-ADULT 897 SNIFFER-CASINO 35 SNIFFER-CREDIT 1057 SNIFFER-EMAIL 8 SNIFFER-EXP 578 SNIFFER-GEN 824 SNIFFER-GREY 2 SNIFFER-INSUR 571 SNIFFER-MAL 2 SNIFFER-MEDIA 2172 SNIFFER-OBFUSC 201 SNIFFER-PHARM 5279 SNIFFER-PRINT 0 SNIFFER-RICH 840 SNIFFER-SCAM 119 SNIFFER-TOOLS 0 SNIFFER-TRAVEL 43 SNIFFER 12628 SORBS-DUHL 7512 SPAMCOP 10546 SPAMDOMAINS 3380 SPAMHEADERS 293 SPAMTRAP 121 SPFFAIL 209 SURBL 9666 URLDBL 76 WEIGHT15-19 846 WEIGHT20 11987 WHITELISTED 110 Unique messages for local delivery: 5812 Held spam: 4256 (73%) Marked spam: 455 (7%) Non-spam: 1101 (18%) Furthermore, SURBL has a rather low overlap with most other tests (only unique hits are counted here): #Test check - dec0412.log Test: SURBL Number of unique hits: 2849 Shared with SBL (421 hits): 69 (2%) Shared with DSBL (3018 hits): 1951 (68%) Shared with SPAMCOP (3673 hits): 2208 (77%) Shared with AHBL-SOURCE (261 hits): 49 (1%) Shared with CBL (3563 hits): 2232 (78%) Shared with AHBL-PROXY (683 hits): 420 (14%) Shared with OPM (200 hits): 132 (4%) Shared with RSL (240 hits): 163 (5%) Shared with ORDB (22 hits): 8 (0%) Shared with SORBS-DUHL (2510 hits): 1494 (52%) Shared with DSN (479 hits): 299 (10%) Shared with AHBL-RHSBL (346 hits): 184 (6%) Shared with MAILPOLICE (492 hits): 171 (6%) Shared with MAILFROM (161 hits): 67 (2%) Shared with BADHEADERS (682 hits): 290 (10%) Shared with HELOBOGUS (940 hits): 537 (18%) Shared with SPFFAIL (125 hits): 101 (3%) Shared with SPAMHEADERS (248 hits): 43 (1%) Shared with REVDNS (1528 hits): 645 (22%) Shared with COMMENTS (46 hits): 19 (0%) Shared with BASE64 (577 hits): 3 (0%) Shared with SNIFFER (4485 hits): 2830 (99%) Shared with SNIFFER-TRAVEL (7 hits): 7 (0%) Shared with SNIFFER-INSUR (66 hits): 44 (1%) Shared with SNIFFER-TOOLS (0 hits): 0 (0%) Shared with SNIFFER-MEDIA (360 hits): 323 (11%) Shared with SNIFFER-EMAIL (8 hits): 1 (0%) Shared with SNIFFER-PHARM (2188 hits): 1650 (57%) Shared with SNIFFER-SCAM (35 hits): 5 (0%) Shared with SNIFFER-ADULT (470 hits): 290 (10%) Shared with SNIFFER-MAL (2 hits): 0 (0%) Shared with SNIFFER-PRINT (0 hits): 0 (0%) Shared with SNIFFER-RICH (377 hits): 65 (2%) Shared with SNIFFER-CREDIT (249 hits): 172 (6%) Shared with SNIFFER-CASINO (14 hits): 5 (0%) Shared with SNIFFER-GREY (2 hits): 0 (0%) Shared with SNIFFER-OBFUSC (130 hits): 85 (2%) Shared with SNIFFER-EXP (234 hits): 108 (3%) Shared with SNIFFER-GEN (343 hits): 75 (2%) Shared with SPAMDOMAINS (970 hits): 630 (22%) Shared with SPAMTRAP (29 hits): 18 (0%) Shared with FORGEDLOCAL (330 hits): 75 (2%) Shared with NETBL (214 hits): 125 (4%) Shared with URLDBL (52 hits): 6 (0%) Shared with BASE64-PLUS (384 hits): 2 (0%) Shared with GREYLIST (5 hits): 0 (0%) Shared with WEIGHT15-19 (455 hits): 198 (6%) Shared with WEIGHT20 (4256 hits): 2519 (88%) If anyone is interested, I can make the SURBL script available for download (together with some other scripts, e.g., the log analysis and test check scripts that generated the results seen above). The best solution is of course to have the SURBL test implemented directly in Declude, especially since it is a realtime blocklist, but until then this filter will do just fine. /Roger --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Surbl.org
Me too :) -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John Tolmachoff (Lists) Sent: Tuesday, April 13, 2004 10:27 AM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] Surbl.org I would be interested in your script until native support is added to Declude. John Tolmachoff Engineer/Consultant/Owner eServices For You --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Surbl.org
Definitely interested in those scripts! Cris Porter JVC America -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Roger Eriksson Sent: Tuesday, April 13, 2004 9:11 AM To: [EMAIL PROTECTED] Subject: Re: [Declude.JunkMail] Surbl.org However I hope to see SURBL soon as an additional Declude test. I just got caught up on this thread and checked out the website for SURBL and I agree! This would help with the stuff that passes all of the other tests. Sheldon Hi, SURBL is surprisingly effective, considering the fact that it only contains about 450-500 entries. I have written a simple command script that downloads the rbldns zone file and converts it to a body filter. I have scheduled it to run once a day. Here are yesterday's stats with 9666 hits for the SURBL test (note that the individual tests show total number of hits, while the spam summary only counts one hit per message irrespective of the number of recipients): # Declude test results -- dec0412.log AHBL-PROXY 1857 AHBL-RHSBL 835 AHBL-SOURCE 302 BADHEADERS 1610 BASE64-PLUS 412 BASE64 786 CBL 10616 COMMENTS 54 DSBL 8875 DSN 1611 FORGEDLOCAL 781 GREYLIST 5 HELOBOGUS 2616 MAILFROM 487 MAILPOLICE 554 MESSAGE OK 2294 NETBL 463 OPM 554 ORDB 24 REVDNS 3028 RSL 673 SBL 571 SNIFFER-ADULT 897 SNIFFER-CASINO 35 SNIFFER-CREDIT 1057 SNIFFER-EMAIL 8 SNIFFER-EXP 578 SNIFFER-GEN 824 SNIFFER-GREY 2 SNIFFER-INSUR 571 SNIFFER-MAL 2 SNIFFER-MEDIA 2172 SNIFFER-OBFUSC 201 SNIFFER-PHARM 5279 SNIFFER-PRINT 0 SNIFFER-RICH 840 SNIFFER-SCAM 119 SNIFFER-TOOLS 0 SNIFFER-TRAVEL 43 SNIFFER 12628 SORBS-DUHL 7512 SPAMCOP 10546 SPAMDOMAINS 3380 SPAMHEADERS 293 SPAMTRAP 121 SPFFAIL 209 SURBL 9666 URLDBL 76 WEIGHT15-19 846 WEIGHT20 11987 WHITELISTED 110 Unique messages for local delivery: 5812 Held spam: 4256 (73%) Marked spam: 455 (7%) Non-spam: 1101 (18%) Furthermore, SURBL has a rather low overlap with most other tests (only unique hits are counted here): #Test check - dec0412.log Test: SURBL Number of unique hits: 2849 Shared with SBL (421 hits): 69 (2%) Shared with DSBL (3018 hits): 1951 (68%) Shared with SPAMCOP (3673 hits): 2208 (77%) Shared with AHBL-SOURCE (261 hits): 49 (1%) Shared with CBL (3563 hits): 2232 (78%) Shared with AHBL-PROXY (683 hits): 420 (14%) Shared with OPM (200 hits): 132 (4%) Shared with RSL (240 hits): 163 (5%) Shared with ORDB (22 hits): 8 (0%) Shared with SORBS-DUHL (2510 hits): 1494 (52%) Shared with DSN (479 hits): 299 (10%) Shared with AHBL-RHSBL (346 hits): 184 (6%) Shared with MAILPOLICE (492 hits): 171 (6%) Shared with MAILFROM (161 hits): 67 (2%) Shared with BADHEADERS (682 hits): 290 (10%) Shared with HELOBOGUS (940 hits): 537 (18%) Shared with SPFFAIL (125 hits): 101 (3%) Shared with SPAMHEADERS (248 hits): 43 (1%) Shared with REVDNS (1528 hits): 645 (22%) Shared with COMMENTS (46 hits): 19 (0%) Shared with BASE64 (577 hits): 3 (0%) Shared with SNIFFER (4485 hits): 2830 (99%) Shared with SNIFFER-TRAVEL (7 hits): 7 (0%) Shared with SNIFFER-INSUR (66 hits): 44 (1%) Shared with SNIFFER-TOOLS (0 hits): 0 (0%) Shared with SNIFFER-MEDIA (360 hits): 323 (11%) Shared with SNIFFER-EMAIL (8 hits): 1 (0%) Shared with SNIFFER-PHARM (2188 hits): 1650 (57%) Shared with SNIFFER-SCAM (35 hits): 5 (0%) Shared with SNIFFER-ADULT (470 hits): 290 (10%) Shared with SNIFFER-MAL (2 hits): 0 (0%) Shared with SNIFFER-PRINT (0 hits): 0 (0%) Shared with SNIFFER-RICH (377 hits): 65 (2%) Shared with SNIFFER-CREDIT (249 hits): 172 (6%) Shared with SNIFFER-CASINO (14 hits): 5 (0%) Shared with SNIFFER-GREY (2 hits): 0 (0%) Shared with SNIFFER-OBFUSC (130 hits): 85 (2%) Shared with SNIFFER-EXP (234 hits): 108 (3%) Shared with SNIFFER-GEN (343 hits): 75 (2%) Shared with SPAMDOMAINS (970 hits): 630 (22%) Shared with SPAMTRAP (29 hits): 18 (0%) Shared with FORGEDLOCAL (330 hits): 75 (2%) Shared with NETBL (214 hits): 125 (4%) Shared with URLDBL (52 hits): 6 (0%) Shared with BASE64-PLUS (384 hits): 2 (0%) Shared with GREYLIST (5 hits): 0 (0%) Shared with WEIGHT15-19 (455 hits): 198 (6%) Shared with WEIGHT20 (4256 hits): 2519 (88%) If anyone is interested, I can make the SURBL script available for download (together with some other scripts, e.g., the log analysis and test check scripts that generated the results seen above). The best solution is of course to have the SURBL test implemented directly in Declude, especially since it is a realtime blocklist, but until then this filter will do just fine. /Roger --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from
RE: [Declude.JunkMail] Surbl.org
I would be interested in your script also. Stu At 08:27 AM 04/13/2004 -0700, you wrote: I would be interested in your script until native support is added to Declude. John Tolmachoff Engineer/Consultant/Owner eServices For You -Original Message- From: [EMAIL PROTECTED] [mailto:Declude.JunkMail- [EMAIL PROTECTED] On Behalf Of Roger Eriksson Sent: Tuesday, April 13, 2004 8:11 AM To: [EMAIL PROTECTED] Subject: Re: [Declude.JunkMail] Surbl.org However I hope to see SURBL soon as an additional Declude test. I just got caught up on this thread and checked out the website for SURBL and I agree! This would help with the stuff that passes all of the other tests. Sheldon Hi, SURBL is surprisingly effective, considering the fact that it only contains about 450-500 entries. I have written a simple command script that downloads the rbldns zone file and converts it to a body filter. I have scheduled it to run once a day. Here are yesterday's stats with 9666 hits for the SURBL test (note that the individual tests show total number of hits, while the spam summary only counts one hit per message irrespective of the number of recipients): # Declude test results -- dec0412.log AHBL-PROXY 1857 AHBL-RHSBL 835 AHBL-SOURCE 302 BADHEADERS 1610 BASE64-PLUS 412 BASE64 786 CBL 10616 COMMENTS 54 DSBL 8875 DSN 1611 FORGEDLOCAL 781 GREYLIST 5 HELOBOGUS 2616 MAILFROM 487 MAILPOLICE 554 MESSAGE OK 2294 NETBL 463 OPM 554 ORDB 24 REVDNS 3028 RSL 673 SBL 571 SNIFFER-ADULT 897 SNIFFER-CASINO 35 SNIFFER-CREDIT 1057 SNIFFER-EMAIL 8 SNIFFER-EXP 578 SNIFFER-GEN 824 SNIFFER-GREY 2 SNIFFER-INSUR 571 SNIFFER-MAL 2 SNIFFER-MEDIA 2172 SNIFFER-OBFUSC 201 SNIFFER-PHARM 5279 SNIFFER-PRINT 0 SNIFFER-RICH 840 SNIFFER-SCAM 119 SNIFFER-TOOLS 0 SNIFFER-TRAVEL 43 SNIFFER 12628 SORBS-DUHL 7512 SPAMCOP 10546 SPAMDOMAINS 3380 SPAMHEADERS 293 SPAMTRAP 121 SPFFAIL 209 SURBL 9666 URLDBL 76 WEIGHT15-19 846 WEIGHT20 11987 WHITELISTED 110 Unique messages for local delivery: 5812 Held spam: 4256 (73%) Marked spam: 455 (7%) Non-spam: 1101 (18%) Furthermore, SURBL has a rather low overlap with most other tests (only unique hits are counted here): #Test check - dec0412.log Test: SURBL Number of unique hits: 2849 Shared with SBL (421 hits): 69 (2%) Shared with DSBL (3018 hits): 1951 (68%) Shared with SPAMCOP (3673 hits): 2208 (77%) Shared with AHBL-SOURCE (261 hits): 49 (1%) Shared with CBL (3563 hits): 2232 (78%) Shared with AHBL-PROXY (683 hits): 420 (14%) Shared with OPM (200 hits): 132 (4%) Shared with RSL (240 hits): 163 (5%) Shared with ORDB (22 hits): 8 (0%) Shared with SORBS-DUHL (2510 hits): 1494 (52%) Shared with DSN (479 hits): 299 (10%) Shared with AHBL-RHSBL (346 hits): 184 (6%) Shared with MAILPOLICE (492 hits): 171 (6%) Shared with MAILFROM (161 hits): 67 (2%) Shared with BADHEADERS (682 hits): 290 (10%) Shared with HELOBOGUS (940 hits): 537 (18%) Shared with SPFFAIL (125 hits): 101 (3%) Shared with SPAMHEADERS (248 hits): 43 (1%) Shared with REVDNS (1528 hits): 645 (22%) Shared with COMMENTS (46 hits): 19 (0%) Shared with BASE64 (577 hits): 3 (0%) Shared with SNIFFER (4485 hits): 2830 (99%) Shared with SNIFFER-TRAVEL (7 hits): 7 (0%) Shared with SNIFFER-INSUR (66 hits): 44 (1%) Shared with SNIFFER-TOOLS (0 hits): 0 (0%) Shared with SNIFFER-MEDIA (360 hits): 323 (11%) Shared with SNIFFER-EMAIL (8 hits): 1 (0%) Shared with SNIFFER-PHARM (2188 hits): 1650 (57%) Shared with SNIFFER-SCAM (35 hits): 5 (0%) Shared with SNIFFER-ADULT (470 hits): 290 (10%) Shared with SNIFFER-MAL (2 hits): 0 (0%) Shared with SNIFFER-PRINT (0 hits): 0 (0%) Shared with SNIFFER-RICH (377 hits): 65 (2%) Shared with SNIFFER-CREDIT (249 hits): 172 (6%) Shared with SNIFFER-CASINO (14 hits): 5 (0%) Shared with SNIFFER-GREY (2 hits): 0 (0%) Shared with SNIFFER-OBFUSC (130 hits): 85 (2%) Shared with SNIFFER-EXP (234 hits): 108 (3%) Shared with SNIFFER-GEN (343 hits): 75 (2%) Shared with SPAMDOMAINS (970 hits): 630 (22%) Shared with SPAMTRAP (29 hits): 18 (0%) Shared with FORGEDLOCAL (330 hits): 75 (2%) Shared with NETBL (214 hits): 125 (4%) Shared with URLDBL (52 hits): 6 (0%) Shared with BASE64-PLUS (384 hits): 2 (0%) Shared with GREYLIST (5 hits): 0 (0%) Shared with WEIGHT15-19 (455 hits): 198 (6%) Shared with WEIGHT20 (4256 hits): 2519 (88%) If anyone is interested, I can make the SURBL script available for download (together with some other scripts, e.g., the log analysis and test check scripts that generated the results seen above). The best solution is of course to have the SURBL test implemented directly in Declude, especially since it is a realtime blocklist, but until then this filter will do just fine. /Roger --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com
RE: [Declude.JunkMail] Surbl.org
If anyone is interested, I can make the SURBL script available for download (together with some other scripts, e.g., the log analysis and test check scripts that generated the results seen above). The best solution is of course to have the SURBL test implemented directly in Declude, especially since it is a realtime blocklist, but until then this filter will do just fine. Roger, Count me in! Regards, Brad Morgan --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Surbl.org
And me too :-) Just an idea... If you ask Scott im sure he will make a link on the webpage for download -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jason Sent: 13. april 2004 17:32 To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] Surbl.org Me too :) -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John Tolmachoff (Lists) Sent: Tuesday, April 13, 2004 10:27 AM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] Surbl.org I would be interested in your script until native support is added to Declude. John Tolmachoff Engineer/Consultant/Owner eServices For You --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Surbl.org
OK, just give me some time to add comments to the scripts. I will post a download link tomorrow or so. /Roger If anyone is interested, I can make the SURBL script available for download (together with some other scripts, e.g., the log analysis and test check scripts that generated the results seen above). The best solution is of course to have the SURBL test implemented directly in Declude, especially since it is a realtime blocklist, but until then this filter will do just fine. Roger, Count me in! Regards, Brad Morgan --- --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Surbl.org
ditto, count me in - Original Message - From: ISPHuset Nordic [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Tuesday, April 13, 2004 11:58 AM Subject: RE: [Declude.JunkMail] Surbl.org And me too :-) Just an idea... If you ask Scott im sure he will make a link on the webpage for download -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jason Sent: 13. april 2004 17:32 To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] Surbl.org Me too :) -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John Tolmachoff (Lists) Sent: Tuesday, April 13, 2004 10:27 AM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] Surbl.org I would be interested in your script until native support is added to Declude. John Tolmachoff Engineer/Consultant/Owner eServices For You --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Surbl.org
OK, just give me some time to add comments to the scripts. I will post a download link tomorrow or so. Very cool Roger!!! Sheldon Sheldon Koehler, Sr. SysAdminhttp://www.tenforward.com Ten Forward Communications 360-457-9023 Nationwide access, neighborhood support! Whenever you find yourself on the side of the majority, it's time to pause and reflect. Mark Twain --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Surbl.org - Scott?
Yes, your 8 minute update timeframe has passed. ;) Jason --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Surbl.org - Scott?
Hi Scott - Since there does seem to be demand, and since you've indicated that you'll consider this test, perhaps you can give us an estimate of when we might see you integrate it? I'm sure you have nothing else to do: the integration of your new web site is done, you've new ownership and getting them up to speed is finished, and oh yes, you've decided on which other platforms you're going to support. But, all kidding aside, sounds like a good test, sounds like many are interested, and boy, if you're doing it soon I can find something else to spend my time on. Thanks, Rob --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Surbl.org - Scott?
Since there does seem to be demand, and since you've indicated that you'll consider this test, perhaps you can give us an estimate of when we might see you integrate it? It is very hard to say right now, because of the change in ownership. This would not be a small new feature that could be easily added to an interim release. My best guess would be about a month, but I can't say for sure. I'm sure you have nothing else to do: the integration of your new web site is done, you've new ownership and getting them up to speed is finished, and oh yes, you've decided on which other platforms you're going to support. :) -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Surbl.org
Thanks for the offer, Roger I've noticed that spammers rarely obscure the links, so this simple test should work really well! - Original Message - From: Roger Eriksson [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Tuesday, April 13, 2004 11:10 AM Subject: Re: [Declude.JunkMail] Surbl.org However I hope to see SURBL soon as an additional Declude test. I just got caught up on this thread and checked out the website for SURBL and I agree! This would help with the stuff that passes all of the other tests. Sheldon Hi, SURBL is surprisingly effective, considering the fact that it only contains about 450-500 entries. I have written a simple command script that downloads the rbldns zone file and converts it to a body filter. I have scheduled it to run once a day. Here are yesterday's stats with 9666 hits for the SURBL test (note that the individual tests show total number of hits, while the spam summary only counts one hit per message irrespective of the number of recipients): # Declude test results -- dec0412.log AHBL-PROXY 1857 AHBL-RHSBL 835 AHBL-SOURCE 302 BADHEADERS 1610 BASE64-PLUS 412 BASE64 786 CBL 10616 COMMENTS 54 DSBL 8875 DSN 1611 FORGEDLOCAL 781 GREYLIST 5 HELOBOGUS 2616 MAILFROM 487 MAILPOLICE 554 MESSAGE OK 2294 NETBL 463 OPM 554 ORDB 24 REVDNS 3028 RSL 673 SBL 571 SNIFFER-ADULT 897 SNIFFER-CASINO 35 SNIFFER-CREDIT 1057 SNIFFER-EMAIL 8 SNIFFER-EXP 578 SNIFFER-GEN 824 SNIFFER-GREY 2 SNIFFER-INSUR 571 SNIFFER-MAL 2 SNIFFER-MEDIA 2172 SNIFFER-OBFUSC 201 SNIFFER-PHARM 5279 SNIFFER-PRINT 0 SNIFFER-RICH 840 SNIFFER-SCAM 119 SNIFFER-TOOLS 0 SNIFFER-TRAVEL 43 SNIFFER 12628 SORBS-DUHL 7512 SPAMCOP 10546 SPAMDOMAINS 3380 SPAMHEADERS 293 SPAMTRAP 121 SPFFAIL 209 SURBL 9666 URLDBL 76 WEIGHT15-19 846 WEIGHT20 11987 WHITELISTED 110 Unique messages for local delivery: 5812 Held spam: 4256 (73%) Marked spam: 455 (7%) Non-spam: 1101 (18%) Furthermore, SURBL has a rather low overlap with most other tests (only unique hits are counted here): #Test check - dec0412.log Test: SURBL Number of unique hits: 2849 Shared with SBL (421 hits): 69 (2%) Shared with DSBL (3018 hits): 1951 (68%) Shared with SPAMCOP (3673 hits): 2208 (77%) Shared with AHBL-SOURCE (261 hits): 49 (1%) Shared with CBL (3563 hits): 2232 (78%) Shared with AHBL-PROXY (683 hits): 420 (14%) Shared with OPM (200 hits): 132 (4%) Shared with RSL (240 hits): 163 (5%) Shared with ORDB (22 hits): 8 (0%) Shared with SORBS-DUHL (2510 hits): 1494 (52%) Shared with DSN (479 hits): 299 (10%) Shared with AHBL-RHSBL (346 hits): 184 (6%) Shared with MAILPOLICE (492 hits): 171 (6%) Shared with MAILFROM (161 hits): 67 (2%) Shared with BADHEADERS (682 hits): 290 (10%) Shared with HELOBOGUS (940 hits): 537 (18%) Shared with SPFFAIL (125 hits): 101 (3%) Shared with SPAMHEADERS (248 hits): 43 (1%) Shared with REVDNS (1528 hits): 645 (22%) Shared with COMMENTS (46 hits): 19 (0%) Shared with BASE64 (577 hits): 3 (0%) Shared with SNIFFER (4485 hits): 2830 (99%) Shared with SNIFFER-TRAVEL (7 hits): 7 (0%) Shared with SNIFFER-INSUR (66 hits): 44 (1%) Shared with SNIFFER-TOOLS (0 hits): 0 (0%) Shared with SNIFFER-MEDIA (360 hits): 323 (11%) Shared with SNIFFER-EMAIL (8 hits): 1 (0%) Shared with SNIFFER-PHARM (2188 hits): 1650 (57%) Shared with SNIFFER-SCAM (35 hits): 5 (0%) Shared with SNIFFER-ADULT (470 hits): 290 (10%) Shared with SNIFFER-MAL (2 hits): 0 (0%) Shared with SNIFFER-PRINT (0 hits): 0 (0%) Shared with SNIFFER-RICH (377 hits): 65 (2%) Shared with SNIFFER-CREDIT (249 hits): 172 (6%) Shared with SNIFFER-CASINO (14 hits): 5 (0%) Shared with SNIFFER-GREY (2 hits): 0 (0%) Shared with SNIFFER-OBFUSC (130 hits): 85 (2%) Shared with SNIFFER-EXP (234 hits): 108 (3%) Shared with SNIFFER-GEN (343 hits): 75 (2%) Shared with SPAMDOMAINS (970 hits): 630 (22%) Shared with SPAMTRAP (29 hits): 18 (0%) Shared with FORGEDLOCAL (330 hits): 75 (2%) Shared with NETBL (214 hits): 125 (4%) Shared with URLDBL (52 hits): 6 (0%) Shared with BASE64-PLUS (384 hits): 2 (0%) Shared with GREYLIST (5 hits): 0 (0%) Shared with WEIGHT15-19 (455 hits): 198 (6%) Shared with WEIGHT20 (4256 hits): 2519 (88%) If anyone is interested, I can make the SURBL script available for download (together with some other scripts, e.g., the log analysis and test check scripts that generated the results seen above). The best solution is of course to have the SURBL test implemented directly in Declude, especially since it is a realtime blocklist, but until then this filter will do just fine. /Roger --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail
Re: [Declude.JunkMail] Surbl.org
I responded on the IMGate list, as well. We have been running if for a few days on our SA gateways, and it has been working great, flagging lots of spam. Bill - Original Message - From: Jason [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Monday, April 12, 2004 8:37 PM Subject: [Declude.JunkMail] Surbl.org From the IMGATE list: http://surbl.org/ Interesting concept. Anyone here tried it? Ive been planning to upgrade SA on my personal acct here and have a few hours to kill on Tues so I think I'm going to add it and see how well it does. Any chance this can be made to work with Declude? Thanks Jason [AUTOMATED NOTE: Your mail server [66.140.194.140] is missing a reverse DNS entry. All Internet hosts are required to have a reverse DNS entry. The missing reverse DNS entry will cause your mail to be treated as spam on some servers, such as AOL.] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Surbl.org
Any chance this can be made to work with Declude? Well, SpamAssassin can. :) Another innocent plug... --Sandy Sanford Whiteman, Chief Technologist Broadleaf Systems, a division of Cypress Integrated Systems, Inc. e-mail: [EMAIL PROTECTED] SpamAssassin plugs into Declude! http://www.mailmage.com/download/software/freeutils/SPAMC32/Release/ --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Surbl.org
Innocent? ;). We are already using spamchk as an external test. I would like to avoid adding spamassassin as well. I was thinking more along the lines of integrating the test into the declude core... Jason -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Sanford Whiteman Sent: Monday, April 12, 2004 11:05 PM To: Jason Subject: Re: [Declude.JunkMail] Surbl.org Any chance this can be made to work with Declude? Well, SpamAssassin can. :) Another innocent plug... --Sandy Sanford Whiteman, Chief Technologist Broadleaf Systems, a division of Cypress Integrated Systems, Inc. e-mail: [EMAIL PROTECTED] SpamAssassin plugs into Declude! http://www.mailmage.com/download/software/freeutils/SPAMC32/Release/ --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Surbl.org
Scott's already said that they would be looking at integrating the functionality into Declude JunkMail: http://www.mail-archive.com/[EMAIL PROTECTED]/msg17502.html Bill - Original Message - From: Jason [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Monday, April 12, 2004 9:22 PM Subject: RE: [Declude.JunkMail] Surbl.org Innocent? ;). We are already using spamchk as an external test. I would like to avoid adding spamassassin as well. I was thinking more along the lines of integrating the test into the declude core... Jason -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Sanford Whiteman Sent: Monday, April 12, 2004 11:05 PM To: Jason Subject: Re: [Declude.JunkMail] Surbl.org Any chance this can be made to work with Declude? Well, SpamAssassin can. :) Another innocent plug... --Sandy Sanford Whiteman, Chief Technologist Broadleaf Systems, a division of Cypress Integrated Systems, Inc. e-mail: [EMAIL PROTECTED] SpamAssassin plugs into Declude! http://www.mailmage.com/download/software/freeutils/SPAMC32/Release/ --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.