Title: What Header does Whitelist file use?
Sorry, you're right... Sometimes when I'm under the
weather I switch things around...
Have you checked the other suggestion... making
sure the last line has a carriage return afterwards?
Darin.
- Original Message -
From: Agid, Corby
As other have noted - don't waste your time.
One of our class C's is part of a class B that a spammer at some time had a
couple of IP blocks in. As their approach is that any collateral damage is
acceptable, they blocked the entire class B.
As reputable and competent administrators do not
Ok of course I upgraded and never thought to check this mailing list, I'm
trying to catch up, but what are the issues with Declude and Imail 8.2? Should
I disable declude?
Big reason I'm asking is I'm getting slow delivery, wondering if this is
because of 8.2 and declude not getting along??
Hi Everyone,
I just purchased declude two days ago. I'm running Declude with message
sniffer on a smartermail server. So far, it is working very well.
The approach that I have been trying to take is to, wherever possible, avoid
creating a custom filter entry to trap a specific email. Below
Best recommendation? Add message sniffer from sortmonster.com. It is the
single best test on our system.
Darin.
- Original Message -
From: Dave Beckstrom [EMAIL PROTECTED]
To: Declude.JunkMail@declude.com
Sent: Friday, September 02, 2005 12:59 PM
Subject: [Declude.JunkMail]
Dave,
One of the biggest things you can do since to help out since you are already
running Sniffer is look at adding URI filtering. For example that domain is
currently listed in black.uribl.com.
If you want to give URI filtering a try check out our site -
http://www.invariantsystems.com
He said he is running mesage sniffer?
He should add INVURIBL to check the URI Black lists.
Kevin Bilbee
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Darin Cox
Sent: Friday, September 02, 2005 10:35 AM
To: Declude.JunkMail@declude.com
Subject: Re:
Hi Dave:
Welcome!
You'll find that tweaking weights and flters is an ongoing proposition. You
have BADHEADERS weighted at more than half your tag weight, so that is a
good start. I do not add any weight for SPFUNKNOWN, and I have found the
country filter to be of little use.
One
Welcome to the list, Dave!
Sometimes the bad guys win. Like virus detection, spam detection is
mostly a matter of reacting to the bad guys and blocking them, so they
do get some in.
If you try to achieve 100% spam blocking, you will devote your life to
it and you'll burn out after spending too
Title: What Header does Whitelist file use?
I just added a carriage return, but my entry in
question wasn't at the end. I've tweeked my list to hopefully cover
all the options, but now it's a waiting game to see if it actually works since
the senders in question don't send usthings very
Title: What Header does Whitelist file use?
Darin,
I'm still confused on what part of the message
converstation would be compared to the whitelist entry. A message
often has a different values for the From Header and the envelope (not
sure if I'm using the correct terms). The Reverse DNS is
I agree with Andrew's #6
6) Not that *I* would do such a thing, but if *one* were to strobe the
/24 netblock that the message came from, you would see definite patterns
in the naming conventions and could certainly predict how the spammer is
going to change his domain names for the next spam
I'll comment. ;-)
invURIBL and Sniffer are very effective. With these two alone we have
nearly removed ALL body/subject/header/etc... Filtering from Declude. The
email that you questioned about and as Darrell pointed out, did fail
invURIBL on our system as well.
Erik
-Original
Title: What Header does Whitelist file use?
Hi Corby,
The best way to determine explicitly what it's
using is to add custom header to the email. There are several you may find
useful, but the one I'm referring to can be added by adding a line
like
XINHEADERX-Note: FROM:
%MAILFROM%
to your
The first one of these hit my system at about 8:30 a.m. From the first
dozen, two passed and 10 failed a score of 13 (my minimum weight to
block the message for most domains). By 11:30 a.m. messages from this
class C were being picked up by MailPolice, SURBL, Sniffer and SpamCop
and they have
Any comments about this ISP?
It was in my bad mail file and I can not find why it was put in there.
John T
eServices For You
---
This E-mail came from the Declude.JunkMail mailing list. To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.JunkMail. The
We upgraded to 8.21 and experienced an extremely slow smtp. It got so
bad that connecting MTA's we giving up and retrying, when the message
was actually received but Imail was too slow to acknowledge it.
We rolled back to 8.15. That was on a box running 2003 WEB edition.
We've since tested
I just setup Sniffer for the first time and I'm wondering what people
have their external test weight set to. My global.cfg came with a
sniffer test already configured (though it was commented out) to have a
weight of 7, which actually gives it a weight of 8 for some reason I
couldn't figure
Best thing is to ask on the Sniffer List.
I actually have 17 Sniffer tests based upon exit code, with weights ranging
from 15 to 35. I hold at 25 and delete at 35.
John T
eServices For You
-Original Message-
From: [EMAIL PROTECTED] [mailto:Declude.JunkMail-
[EMAIL PROTECTED] On
Personally, my sniffer is set to 2/3 of my hold weight, that test really
doesn't give me troube as long as I keep my .snf file updated.
I'm curious as to what other people do as well.
- greg
I just setup Sniffer for the first time and I'm wondering what people
have their external test
Does anyone happen to know how Eservice's autothite program validates its
license key against the official host name? Does it compare to an IMAIL
registry key or does it look somewhere else?
I run smartermail and I'm wondering if I add the IMAIL registery keys that
contain the OHN if it wouldn't
John, does that mean sniffer runs 17 times on each mesage, or does it return
multiple codes?
- Original Message -
From: John Tolmachoff (Lists) [EMAIL PROTECTED]
To: Declude.JunkMail@declude.com
Sent: Friday, September 02, 2005 8:02 PM
Subject: RE: [Declude.JunkMail] Sniffer Question
I have responded to each e-mail, including the one you sent 15 minutes ago.
On the phone on Wednesday, I did explain that AutoWhite is not tested in a
SmarterMail configuration.
AutoWhite for Declude does indeed look at the Imail registry for the OHN.
John T
eServices For You
-Original
In the Global.cfg, as long as the Sniffer call line is the same except for
the return code area, Declude will only call Sniffer once and compare the
exit code to those configured.
John T
eServices For You
-Original Message-
From: [EMAIL PROTECTED] [mailto:Declude.JunkMail-
[EMAIL
Sorry to but in - can't resist... ;-)
The test will run only once, but it will be evaluated for each
possible result (Declude is smart that way). You might even have more
than one test use SNF and add weight.. for example, SNIFFER ...
nonzero and SNFSPECIFIC ... result.
Many folks and the AI
Thanks.
- Original Message -
From: John Tolmachoff (Lists) [EMAIL PROTECTED]
To: Declude.JunkMail@declude.com
Sent: Friday, September 02, 2005 8:49 PM
Subject: RE: [Declude.JunkMail] Sniffer Question
In the Global.cfg, as long as the Sniffer call line is the same except for
the
It runs Sniffer once and caches the exit code comparing it to the other
identical sniffer calls with different return codes.
Darrell
---
invURIBL - Intelligent URI Filtering. Stops 85%+ SPAM with the default
configuration. Download a copy today -
Thanks for all your help. I'll refer to the Sniffer list in the
future. But for the moment - I was wondering what the other Sniffer
tests would look like in your global.cfg file.
How do you test for certain return codes?
Also, what criteria are you using for these return codes (in other
Hi everyone,
First I want to thank all of you who responded to my earlier question about
catching the spam that was missed. I adopted some of the suggestions and I
appreciate all of the good advice that was offered. You guys know your
stuff!
I wanted to respond to you all but unfortunately
John,
I just found 17,000 messages backed up in my spool/proc directory. I have
yet to do some research and find out if that is a smartermail directory or
perhaps the declude overflow directory. I moved them back into the spool
and the 17,000 messages just went through.
There were 26 messages
Kevin,
Here is a post to the archive which as an example:
http://www.mail-archive.com/declude.junkmail@declude.com/msg15084.html
Darrell
---
Check out http://www.invariantsystems.com for utilities for Declude And
Imail. IMail Queue Monitoring, Declude
I have a theory. I found the Declude process counter tool and I ran it. It
showed an average between 0 - 2 Declude process running. I shut down as
much other stuff as I could and the PROC folder began clearing out. As soon
as I reenabled invURIBL and Message Sniffer the PROC queue began to
Dave,
What is the CPU like of your box with the external tests enabled? Is your
CPU at 100%?
Darrell
---
DLAnalyzer - Comprehensive reporting on Declude Junkmail and Virus. Download
it today - http://www.invariantsystems.com
- Original Message
Darrell,
It averages between 25% - 40% with occasional spikes to about 80%.
-Original Message-
From: [EMAIL PROTECTED] [mailto:Declude.JunkMail-
[EMAIL PROTECTED] On Behalf Of Darrell ([EMAIL PROTECTED])
Sent: Friday, September 02, 2005 9:20 PM
To: Declude.JunkMail@declude.com
We installed the latest 3.0.3 beta tonight; the decludeproc service shot to 99%
of CPU and stayed there for 15 minutes. During this time we accumulated over
1000 items in the proc folder; nothing was going out.
Anyone else experienced this?
We stopped/re-started the decludeproc service, as
Randy,
One issue I found with 3.0.3 that has been reported to Declude is that the
work directory is not created by default or at least it was not on my
system. Make sure you have a work directory - if not create it (i.e.
/spool/proc/work).
Also, they are investigating another issue where
Dave,
A couple of questions. First off, what is your average daily volume of
E-mail on your server? Secondly, what is your CPU and hard drive
configuration. Thirdly, what version of Declude are you running?
Lastly, when you login as admin and go to Settings General
Settings, what is your
Does anyone happen to know how Eservice's autothite program
validates its license key against the official host name? Does it
compare to an IMAIL registry key or does it look somewhere else?
It uses the IMail top-level hostname from the registry, like old
versions of Declude.
38 matches
Mail list logo