Yeah, Monday morning spam rush and INVURIBL had a bazillion processes and CPU went to 100%. The alarm went off way before there was a problem, so I just commented it out. My people don't abide slow mail.
Would be great to simply expand declude to include this test. - Michael Cummins -----Original Message----- From: [email protected] [mailto:[email protected]] On Behalf Of Michael Cummins Sent: Friday, November 22, 2013 2:41 PM To: [email protected] Subject: [MBF]Re: New Version of Declude I uncommented it and it went ahead and made a new log file, so it's working for me right now on 2008 R2 64-bit. In my global.cfg, this is my config line: #==========================================================================================# # EXTERNAL TESTS # #==========================================================================================# INV-URIBL external weight "C:\SMARTERMAIL\declude\invuribl311\invURIBL.exe %WEIGHT% %REMOTEIP%" 7 0 And in my log file, I can see it processing mail: 2013-11-22 14:32:35.420 2013-11-22 14:32:37.183 c:\SmarterMail\Spool\proc\work\3315678492.eml Starting to process message. 2013-11-22 14:32:35.420 2013-11-22 14:32:40.474 c:\SmarterMail\Spool\proc\work\3315678492.eml walmart.com URI from message body not listed in uri.invaluement.local [Total Weight=0] 2013-11-22 14:32:35.420 2013-11-22 14:32:40.474 c:\SmarterMail\Spool\proc\work\3315678492.eml walmart.com URI from message body not listed in multi.surbl.org [Total Weight=0] 2013-11-22 14:32:35.420 2013-11-22 14:32:40.474 c:\SmarterMail\Spool\proc\work\3315678492.eml walmart.com URI from message body not listed in multi.uribl.com [Total Weight=0] 2013-11-22 14:32:35.420 2013-11-22 14:32:40.474 c:\SmarterMail\Spool\proc\work\3315678492.eml walmart.com URI from message body not listed in rhsbl.ahbl.org [Total Weight=0] 2013-11-22 14:32:35.420 2013-11-22 14:32:40.474 c:\SmarterMail\Spool\proc\work\3315678492.eml walmart.com URI from message body not listed in fresh15.spameatingmonkey.net [Total Weight=0] 2013-11-22 14:32:35.420 2013-11-22 14:32:40.474 c:\SmarterMail\Spool\proc\work\3315678492.eml walmart.com URI from message body not listed in urired.spameatingmonkey.net [Total Weight=0] 2013-11-22 14:32:35.420 2013-11-22 14:32:40.474 c:\SmarterMail\Spool\proc\work\3315678492.eml walmartimages.com URI from message body not listed in uri.invaluement.local [Total Weight=0] 2013-11-22 14:32:35.420 2013-11-22 14:32:40.474 c:\SmarterMail\Spool\proc\work\3315678492.eml walmartimages.com URI from message body not listed in multi.surbl.org [Total Weight=0] 2013-11-22 14:32:35.420 2013-11-22 14:32:40.474 c:\SmarterMail\Spool\proc\work\3315678492.eml walmartimages.com URI from message body not listed in multi.uribl.com [Total Weight=0] 2013-11-22 14:32:35.420 2013-11-22 14:32:40.474 c:\SmarterMail\Spool\proc\work\3315678492.eml walmartimages.com URI from message body not listed in rhsbl.ahbl.org [Total Weight=0] 2013-11-22 14:32:35.420 2013-11-22 14:32:40.474 c:\SmarterMail\Spool\proc\work\3315678492.eml walmartimages.com URI from message body not listed in fresh15.spameatingmonkey.net [Total Weight=0] 2013-11-22 14:32:35.420 2013-11-22 14:32:40.474 c:\SmarterMail\Spool\proc\work\3315678492.eml walmartimages.com URI from message body not listed in urired.spameatingmonkey.net [Total Weight=0] 2013-11-22 14:32:35.420 2013-11-22 14:32:40.474 c:\SmarterMail\Spool\proc\work\3315678492.eml millerconstruction.com URI from message body not listed in uri.invaluement.local [Total Weight=0] 2013-11-22 14:32:35.420 2013-11-22 14:32:40.474 c:\SmarterMail\Spool\proc\work\3315678492.eml millerconstruction.com URI from message body not listed in multi.surbl.org [Total Weight=0] 2013-11-22 14:32:35.420 2013-11-22 14:32:40.474 c:\SmarterMail\Spool\proc\work\3315678492.eml millerconstruction.com URI from message body not listed in multi.uribl.com [Total Weight=0] 2013-11-22 14:32:35.420 2013-11-22 14:32:40.474 c:\SmarterMail\Spool\proc\work\3315678492.eml millerconstruction.com URI from message body not listed in rhsbl.ahbl.org [Total Weight=0] 2013-11-22 14:32:35.420 2013-11-22 14:32:40.474 c:\SmarterMail\Spool\proc\work\3315678492.eml millerconstruction.com URI from message body not listed in fresh15.spameatingmonkey.net [Total Weight=0] 2013-11-22 14:32:35.420 2013-11-22 14:32:40.474 c:\SmarterMail\Spool\proc\work\3315678492.eml millerconstruction.com URI from message body not listed in urired.spameatingmonkey.net [Total Weight=0] 2013-11-22 14:32:35.420 2013-11-22 14:32:41.847 c:\SmarterMail\Spool\proc\work\3315678492.eml walmart.com Skipping remaining name server checks - exceeded max name server check value of 3 2013-11-22 14:32:35.420 2013-11-22 14:32:41.847 c:\SmarterMail\Spool\proc\work\3315678492.eml Unable to resolve URI's name servers walmartimages.com (No Nameserver IPs) [Total Weight=0] 2013-11-22 14:32:35.420 2013-11-22 14:32:42.066 c:\SmarterMail\Spool\proc\work\3315678492.eml walmart.com 204.2.179.179 URI's name server not found in sbl.spamhaus.org [Total Weight=0] 2013-11-22 14:32:35.420 2013-11-22 14:32:42.066 c:\SmarterMail\Spool\proc\work\3315678492.eml walmart.com 69.31.29.57 URI's name server not found in sbl.spamhaus.org [Total Weight=0] 2013-11-22 14:32:35.420 2013-11-22 14:32:42.066 c:\SmarterMail\Spool\proc\work\3315678492.eml millerconstruction.com 205.178.190.6 URI's name server not found in sbl.spamhaus.org [Total Weight=0] 2013-11-22 14:32:35.420 2013-11-22 14:32:42.066 c:\SmarterMail\Spool\proc\work\3315678492.eml millerconstruction.com 206.188.198.6 URI's name server not found in sbl.spamhaus.org [Total Weight=0] 2013-11-22 14:32:35.420 2013-11-22 14:32:42.144 c:\SmarterMail\Spool\proc\work\3315678492.eml Resolved walmart.com to 161.170.244.20 [Total Weight=0] 2013-11-22 14:32:35.420 2013-11-22 14:32:42.144 c:\SmarterMail\Spool\proc\work\3315678492.eml walmartimages.com Resolved, But No IP Was Returned [Total Weight=0] 2013-11-22 14:32:35.420 2013-11-22 14:32:42.144 c:\SmarterMail\Spool\proc\work\3315678492.eml Resolved millerconstruction.com to 64.135.79.143 [Total Weight=0] 2013-11-22 14:32:35.420 2013-11-22 14:32:42.674 c:\SmarterMail\Spool\proc\work\3315678492.eml walmart.com URI's IP not listed in sbl.spamhaus.org [Total Weight=0] 2013-11-22 14:32:35.420 2013-11-22 14:32:42.674 c:\SmarterMail\Spool\proc\work\3315678492.eml walmart.com URI's IP not listed in cn.countries.nerd.dk [Total Weight=0] 2013-11-22 14:32:35.420 2013-11-22 14:32:42.674 c:\SmarterMail\Spool\proc\work\3315678492.eml walmart.com URI's IP not listed in kr.countries.nerd.dk [Total Weight=0] 2013-11-22 14:32:35.420 2013-11-22 14:32:42.674 c:\SmarterMail\Spool\proc\work\3315678492.eml walmart.com URI's IP not listed in ru.countries.nerd.dk [Total Weight=0] 2013-11-22 14:32:35.420 2013-11-22 14:32:42.674 c:\SmarterMail\Spool\proc\work\3315678492.eml millerconstruction.com URI's IP not listed in sbl.spamhaus.org [Total Weight=0] 2013-11-22 14:32:35.420 2013-11-22 14:32:42.674 c:\SmarterMail\Spool\proc\work\3315678492.eml millerconstruction.com URI's IP not listed in cn.countries.nerd.dk [Total Weight=0] 2013-11-22 14:32:35.420 2013-11-22 14:32:42.674 c:\SmarterMail\Spool\proc\work\3315678492.eml millerconstruction.com URI's IP not listed in kr.countries.nerd.dk [Total Weight=0] 2013-11-22 14:32:35.420 2013-11-22 14:32:42.674 c:\SmarterMail\Spool\proc\work\3315678492.eml millerconstruction.com URI's IP not listed in ru.countries.nerd.dk [Total Weight=0] 2013-11-22 14:32:35.420 2013-11-22 14:32:42.721 c:\SmarterMail\Spool\proc\work\3315678492.eml Adding Custom Header: X-WDDX-INV-Scan: Scanned by invURIBL 3.1.1 on 11/22/2013 2:32:37 PM 2013-11-22 14:32:35.420 2013-11-22 14:32:42.721 c:\SmarterMail\Spool\proc\work\3315678492.eml Adding Custom Header: X-WDDX-INV-Weight: 0 2013-11-22 14:32:35.420 2013-11-22 14:32:42.721 c:\SmarterMail\Spool\proc\work\3315678492.eml Adding Custom Header: X-WDDX-INV-Range: CLEAN 2013-11-22 14:32:35.420 2013-11-22 14:32:42.736 c:\SmarterMail\Spool\proc\work\3315678492.eml Ending process of message. [Total Weight=0] I have the following tests defined in my INVURIBL.exe.config: <!--URI LIST 1--> <add key="URIBL_List1" value="uri.invaluement.local" /> <add key="URIBL_Weight_List1" value="10" /> <add key="Enable_Custom_Bitmask_Values_URIBL_List1" value="false" /> <add key="URI_Bitmask_BitValue_1_Weight_URIBL_List1" value="0" /> <add key="URI_Bitmask_BitValue_2_Weight_URIBL_List1" value="0" /> <add key="URI_Bitmask_BitValue_4_Weight_URIBL_List1" value="0" /> <add key="URI_Bitmask_BitValue_8_Weight_URIBL_List1" value="0" /> <add key="URI_Bitmask_BitValue_16_Weight_URIBL_List1" value="0" /> <add key="URI_Bitmask_BitValue_32_Weight_URIBL_List1" value="0" /> <add key="URI_Bitmask_BitValue_64_Weight_URIBL_List1" value="0" /> <add key="URI_Bitmask_BitValue_128_Weight_URIBL_List1" value="0" /> <!--URI LIST 2--> <add key="URIBL_List2" value="multi.surbl.org" /> <add key="URIBL_Weight_List2" value="0" /> <add key="Enable_Custom_Bitmask_Values_URIBL_List2" value="true" /> <add key="URI_Bitmask_BitValue_1_Weight_URIBL_List2" value="0" /> <add key="URI_Bitmask_BitValue_2_Weight_URIBL_List2" value="7" /> <add key="URI_Bitmask_BitValue_4_Weight_URIBL_List2" value="2" /> <add key="URI_Bitmask_BitValue_8_Weight_URIBL_List2" value="5" /> <add key="URI_Bitmask_BitValue_16_Weight_URIBL_List2" value="3" /> <add key="URI_Bitmask_BitValue_32_Weight_URIBL_List2" value="7" /> <add key="URI_Bitmask_BitValue_64_Weight_URIBL_List2" value="10" /> <add key="URI_Bitmask_BitValue_128_Weight_URIBL_List2" value="0" /> <!--URI LIST 3--> <add key="URIBL_List3" value="multi.uribl.com" /> <add key="URIBL_Weight_List3" value="0" /> <!-- BitValue_2 = comes from black.uribl.org --> <!-- BitValue_4 = comes from grey.uribl.org --> <!-- BitValue_8 = comes from red.uribl.org --> <add key="Enable_Custom_Bitmask_Values_URIBL_List3" value="true" /> <add key="URI_Bitmask_BitValue_1_Weight_URIBL_List3" value="0" /> <add key="URI_Bitmask_BitValue_2_Weight_URIBL_List3" value="7" /> <add key="URI_Bitmask_BitValue_4_Weight_URIBL_List3" value="0" /> <add key="URI_Bitmask_BitValue_8_Weight_URIBL_List3" value="2" /> <add key="URI_Bitmask_BitValue_16_Weight_URIBL_List3" value="0" /> <add key="URI_Bitmask_BitValue_32_Weight_URIBL_List3" value="0" /> <add key="URI_Bitmask_BitValue_64_Weight_URIBL_List3" value="0" /> <add key="URI_Bitmask_BitValue_128_Weight_URIBL_List3" value="0" /> <!--URI LIST 4--> <add key="URIBL_List4" value="rhsbl.ahbl.org" /> <add key="URIBL_Weight_List4" value="5" /> <add key="Enable_Custom_Bitmask_Values_URIBL_List4" value="false" /> <add key="URI_Bitmask_BitValue_1_Weight_URIBL_List4" value="0" /> <add key="URI_Bitmask_BitValue_2_Weight_URIBL_List4" value="0" /> <add key="URI_Bitmask_BitValue_4_Weight_URIBL_List4" value="0" /> <add key="URI_Bitmask_BitValue_8_Weight_URIBL_List4" value="0" /> <add key="URI_Bitmask_BitValue_16_Weight_URIBL_List4" value="0" /> <add key="URI_Bitmask_BitValue_32_Weight_URIBL_List4" value="0" /> <add key="URI_Bitmask_BitValue_64_Weight_URIBL_List4" value="0" /> <add key="URI_Bitmask_BitValue_128_Weight_URIBL_List4" value="0" /> <!--URI LIST 5--> <add key="URIBL_List5" value="fresh15.spameatingmonkey.net" /> <add key="URIBL_Weight_List5" value="5" /> <add key="Enable_Custom_Bitmask_Values_URIBL_List5" value="false" /> <add key="URI_Bitmask_BitValue_1_Weight_URIBL_List5" value="0" /> <add key="URI_Bitmask_BitValue_2_Weight_URIBL_List5" value="0" /> <add key="URI_Bitmask_BitValue_4_Weight_URIBL_List5" value="0" /> <add key="URI_Bitmask_BitValue_8_Weight_URIBL_List5" value="0" /> <add key="URI_Bitmask_BitValue_16_Weight_URIBL_List5" value="0" /> <add key="URI_Bitmask_BitValue_32_Weight_URIBL_List5" value="0" /> <add key="URI_Bitmask_BitValue_64_Weight_URIBL_List5" value="0" /> <add key="URI_Bitmask_BitValue_128_Weight_URIBL_List5" value="0" /> <!--URI LIST 6--> <add key="URIBL_List6" value="urired.spameatingmonkey.net" /> <add key="URIBL_Weight_List6" value="5" /> <add key="Enable_Custom_Bitmask_Values_URIBL_List6" value="false" /> <add key="URI_Bitmask_BitValue_1_Weight_URIBL_List6" value="0" /> <add key="URI_Bitmask_BitValue_2_Weight_URIBL_List6" value="0" /> <add key="URI_Bitmask_BitValue_4_Weight_URIBL_List6" value="0" /> <add key="URI_Bitmask_BitValue_8_Weight_URIBL_List6" value="0" /> <add key="URI_Bitmask_BitValue_16_Weight_URIBL_List6" value="0" /> <add key="URI_Bitmask_BitValue_32_Weight_URIBL_List6" value="0" /> <add key="URI_Bitmask_BitValue_64_Weight_URIBL_List6" value="0" /> <add key="URI_Bitmask_BitValue_128_Weight_URIBL_List6" value="0" /> I still pay for the private Invaluement RBL/URIBL, but it's been a long time since I really analyzed its effectiveness. -----Original Message----- From: [email protected] [mailto:[email protected]] On Behalf Of Michael Cummins Sent: Friday, November 22, 2013 1:45 PM To: [email protected] Subject: [MBF]Re: New Version of Declude Mine is commented out right now, but my last log file is for SEP 16, 2013, so I have definitely had this running on Win2k8R2 64 bit. I think I killed it because I was running Clam AV, Sniffer and INVURIBL all at the command line and it choked during a spam wave, so I started cutting 3rd party apps. Like Andy said earlier - would love to see these sewn these into Declude as an API call. INVURIBL (since it's another defunct product) could literally become part of Declude (as a concept), so we could configure Declude for URIBL the same way we do other RBLs. - Michael Cummins -----Original Message----- From: [email protected] [mailto:[email protected]] On Behalf Of [email protected] Sent: Friday, November 22, 2013 1:41 PM To: [email protected] Subject: [MBF]Re: New Version of Declude Andy, have you been able to get InvURIBL to work on Windows Server 2008 64 bit? -----Original Message----- From: "Andy Schmidt" <[email protected]> Sent: Thursday, November 21, 2013 11:06am To: [email protected] Subject: [MBF]Re: New Version of Declude Hi, Ideally I'd like to get away from having to use the command line version of Sniffer - and figure out a way to get the API version of Sniffer working again. The code's already in Declude, so should be primarily a matter of figuring out the logistics so that each client can use their own SNIFFER license. The same is true for the API version of "some" virus scanner - whether AVG or ClamAV. We should eliminate the command line interface in favor of using the API version - then the client can choose to obtain the proper license of ClamAV or AVG. It doesn't have to handle the signature updates or any of those things, I'm fine that this is the customer's responsibility. InvURIBL works just fine here - although there is some overlap with Sniffer as far results. But both ARE using entirely different methology - so having the ability to check URI black lists is a very desirable option, of course - but to me less critical than getting away from command line scanners for Sniffer and Anti-Virus. Best Regards, Andy John T eServices For You ############################################################# This message is sent to you because you are subscribed to the mailing list <[email protected]>. To unsubscribe, E-mail to: <[email protected]> To switch to the DIGEST mode, E-mail to <[email protected]> To switch to the INDEX mode, E-mail to <[email protected]> Send administrative queries to <[email protected]> ############################################################# This message is sent to you because you are subscribed to the mailing list <[email protected]>. To unsubscribe, E-mail to: <[email protected]> To switch to the DIGEST mode, E-mail to <[email protected]> To switch to the INDEX mode, E-mail to <[email protected]> Send administrative queries to <[email protected]> ############################################################# This message is sent to you because you are subscribed to the mailing list <[email protected]>. To unsubscribe, E-mail to: <[email protected]> To switch to the DIGEST mode, E-mail to <[email protected]> To switch to the INDEX mode, E-mail to <[email protected]> Send administrative queries to <[email protected]> ############################################################# This message is sent to you because you are subscribed to the mailing list <[email protected]>. To unsubscribe, E-mail to: <[email protected]> To switch to the DIGEST mode, E-mail to <[email protected]> To switch to the INDEX mode, E-mail to <[email protected]> Send administrative queries to <[email protected]>
