[Declude.JunkMail] HTML-Test?
Hi, I'm currently implementing Junkmail. My question: Is there a test if the mail is in HTML or in TEXT-Format? When I check the spam-mails recieved in the past days over 90% of this mails are HTML-formated. So I think HTML-formated mails should recieve 2-3 points in the weighting system. Any suggestions, arguments, info's...? Thanks Markus --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. You can E-mail [EMAIL PROTECTED] for assistance. You can visit our web site at http://www.declude.com .
RE: [Declude.JunkMail] HTML-Test?
Not to mention that all iMail Web mail is HTML. :) -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of R. Scott Perry Sent: Wednesday, June 12, 2002 8:34 AM To: [EMAIL PROTECTED] Subject: Re: [Declude.JunkMail] HTML-Test? I'm currently implementing Junkmail. My question: Is there a test if the mail is in HTML or in TEXT-Format? When I check the spam-mails recieved in the past days over 90% of this mails are HTML-formated. So I think HTML-formated mails should recieve 2-3 points in the weighting system. Any suggestions, arguments, info's...? The problem with this is that most personal E-mail is sent in HTML (you can give a BIG thanks to Microsoft for that one). I believe that the default settings in Outlook will send both text and HTML, even if there is no difference between the text and HTML segments (so even though the E-mail appears to be a plain text E-mail, it has an HTML copy of it). -Scott --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. You can E-mail [EMAIL PROTECTED] for assistance. You can visit our web site at http://www.declude.com . --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. You can E-mail [EMAIL PROTECTED] for assistance. You can visit our web site at http://www.declude.com .
RE: [Declude.JunkMail] Actions
My offical hostname in Imail is mail.mydomain.com so my Declude configuration is c:\imail\declude\mail.mydomain.com. In that folder are 3 per user configurations user1.junkmail user2.junkmail and user3.junkmail. If I send an individual message to any of those 3 users explicitly the rules work great. If I send to the alias that points to all 3, it does not work. So.I turned on debug mode and sent a test message. In the debug it said it found the domain name for all 3 users as mydomain.com and was therefor using the c:\imail\$default$.junkmail definition. That sounds like a quirk in the way that IMail processes the aliases. It sounds like it uses the official domain name if E-mail is addressed directly to the user (IE [EMAIL PROTECTED] would get changed to [EMAIL PROTECTED]), but not when aliases are used (so [EMAIL PROTECTED] would get changed to [EMAIL PROTECTED], not [EMAIL PROTECTED]). So yes, in this case you would need to keep two copies of the config file(s). -Scott --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. You can E-mail [EMAIL PROTECTED] for assistance. You can visit our web site at http://www.declude.com .
AW: [Declude.JunkMail] HTML-Test?
I'm not sure, but as I know, neither Imail-WebMail-Messages are HTML-formated nor this messages are scanned by declude. (on the WebMail-Server side) Scott: Yes I know that Outlook has standard-settings to write HTML-Mails. But on the other side a great part of false-positives on my current settings are server-generated messages (reports, status-notifications ...) and 100% of this mails are in standard Text-format. So HTML-Mails can collect some points that allone not trigger any action but helps to raise the recognition-rate. But when you say to me, that this don't make any sense I will believe it. Markus -Ursprüngliche Nachricht- Von: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Im Auftrag von Mark Smith Gesendet: Mittwoch, 12. Juni 2002 14:39 An: [EMAIL PROTECTED] Betreff: RE: [Declude.JunkMail] HTML-Test? Not to mention that all iMail Web mail is HTML. :) -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of R. Scott Perry Sent: Wednesday, June 12, 2002 8:34 AM To: [EMAIL PROTECTED] Subject: Re: [Declude.JunkMail] HTML-Test? I'm currently implementing Junkmail. My question: Is there a test if the mail is in HTML or in TEXT-Format? When I check the spam-mails recieved in the past days over 90% of this mails are HTML-formated. So I think HTML-formated mails should recieve 2-3 points in the weighting system. Any suggestions, arguments, info's...? The problem with this is that most personal E-mail is sent in HTML (you can give a BIG thanks to Microsoft for that one). I believe that the default settings in Outlook will send both text and HTML, even if there is no difference between the text and HTML segments (so even though the E-mail appears to be a plain text E-mail, it has an HTML copy of it). -Scott --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. You can E-mail [EMAIL PROTECTED] for assistance. You can visit our web site at http://www.declude.com . --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. You can E-mail [EMAIL PROTECTED] for assistance. You can visit our web site at http://www.declude.com . --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. You can E-mail [EMAIL PROTECTED] for assistance. You can visit our web site at http://www.declude.com .
RE: [Declude.JunkMail] Declude JunkMail v1.54 (beta) released
Ah, is that the same as when someone sends to [EMAIL PROTECTED]? If so, meaning that the folder could be POP'ed by checking [EMAIL PROTECTED]? At 09:58 PM 6/11/2002, you wrote: does the FOLDER option accept a full drive/directory path, i.e. d:\mail\spam or does it only accept a name of a folder, assumed to start at a preset dir, i.e. \spool\foldername - or am I entirely off-base? The folder action stores the E-mail into a *user* folder, not a file system directory. For example, WEIGHT10 FOLDER spam would be the spam folder in web messaging. Kind of like Hotmail's Bulk Mail folder. -Scott --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. You can E-mail [EMAIL PROTECTED] for assistance. You can visit our web site at http://www.declude.com . Jeff Lesperance Matrix Group International, Inc. 1033 N. Fairfax St. 2nd floor Alexandria, VA 22314 703.838.9777 x3002 *** Custom Web Solution and Web-Based Association Management Software. Have you been Maxximized? http://www.matrixmaxx.net *** --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. You can E-mail [EMAIL PROTECTED] for assistance. You can visit our web site at http://www.declude.com .
RE: [Declude.JunkMail] How can I let mails with 'Blank Folding' Vulnerability
Thanks, I agree we'll take the later tact at first -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of R. Scott Perry Sent: Wednesday, June 12, 2002 10:10 AM To: [EMAIL PROTECTED] Subject: Re: [Declude.JunkMail] How can I let mails with 'Blank Folding' Vulnerability Using the pro version of AV how can I allow mail for a certain user through even though it has been detected with the Outlook 'Blank Folding' Vulnerability. The mail also contains important attachments for this user. You can turn off virus scanning for that one user if you want. There is no way to disable just the vulnerability tests for a specific user. The only option to make sure that viruses aren't intentionally allowed through, however, is to get the person sending the E-mail to fix the problem. With the current situation with spam and viruses, people sending broken mail and mail that could be dangerous are going to have to learn to fix these problems. -Scott --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. You can E-mail [EMAIL PROTECTED] for assistance. You can visit our web site at http://www.declude.com . --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. You can E-mail [EMAIL PROTECTED] for assistance. You can visit our web site at http://www.declude.com .
[Declude.JunkMail] W32/Fretham-Fam stopped with Junkmail attachment filtering?
Using Junkmail settings, we prohibit attachments with the extensions .exe,.com,.vbs,.pif,.scr,.bat,.cmd. Is this virus only spread by the .exe attachment and are we protected with those settings? (We also scan using f-Prot!) Todd --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. You can E-mail [EMAIL PROTECTED] for assistance. You can visit our web site at http://www.declude.com .
Re: [Declude.JunkMail] W32/Fretham-Fam stopped with Junkmailattachment filtering?
Using Junkmail settings, we prohibit attachments with the extensions .exe,.com,.vbs,.pif,.scr,.bat,.cmd. Actually, it's Declude Virus that can block file attachments, not Declude JunkMail. Is this virus only spread by the .exe attachment and are we protected with those settings? (We also scan using f-Prot!) As far as we know, all the Fretham variants only use a .exe file. -Scott --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. You can E-mail [EMAIL PROTECTED] for assistance. You can visit our web site at http://www.declude.com .
[Declude.JunkMail] HUGE spool folder
Howdy to all. I know this isn't an IMail support list, but perhaps someone can shed some light on this situation . . . I upgraded from IMail 6.06 to IMail 7.1 HF1 a few days ago. Since then, my spool directory has grown by leaps and bounds. It normally runs between 300 and 500 files (I think). Yesterday evening it was at about 1500.Earlier this afternoon itpassed2800. Now it's about 2750. I've moved (a few) files older than 3 days out of the queue, it didn't make any difference -- spool keeps growing. They look like normalT, D, and Q files dated within the last three days, but why are there so many??? I'm not getting any specific complaints about undelivered or missing mail from my users. I am running Declude JunkMail and Virus. Perhaps the extra processing is putting too much of a load on the server? Per WhatsUp, SMTP and/or HTTP (WebMail) keeps bouncing up and down, but the services never actually fail. SMTP and POP3 are a touch sluggish in my OE, but they do work. WebMessaginghas also been a touchflaky, and there were a few complaints from users yesterday. Yesterday afternoon I changed my default$junkmail$.config to HOLD on WEIGHT30. I do think the spool started growing *before* that change, but in case I'm mistaken and it was after, would there be any connection?? Thanks! Glenn Z.
Re: [Declude.JunkMail] HUGE spool folder
I upgraded from IMail 6.06 to IMail 7.1 HF1 a few days ago. Since then, my spool directory has grown by leaps and bounds. It normally runs between 300 and 500 files (I think). Yesterday evening it was at about 1500. Earlier this afternoon it passed 2800. Now it's about 2750. I've moved (a few) files older than 3 days out of the queue, it didn't make any difference -- spool keeps growing. They look like normal T, D, and Q files dated within the last three days, but why are there so many??? I'm not getting any specific complaints about undelivered or missing mail from my users. I am running Declude JunkMail and Virus. Perhaps the extra processing is putting too much of a load on the server? That shouldn't be it -- you should see similar loads on 6.06 and 7.1. Have you checked the spool files to see if there is any pattern to what is in there, to make sure the problem isn't a mail loop, for example? Yesterday afternoon I changed my default $junkmail$.config to HOLD on WEIGHT30. I do think the spool started growing *before* that change, but in case I'm mistaken and it was after, would there be any connection?? What was it before? If it was DELETE before, there would be slightly more system load having it at HOLD, but it shouldn't be enough to cause mail delivery to slow down. -Scott --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. You can E-mail [EMAIL PROTECTED] for assistance. You can visit our web site at http://www.declude.com .
Re: [Declude.JunkMail] HUGE spool folder
Before changing WEIGHT30 to HOLD, it was WARN. WEIGHT10, 14, and 20 are still WARN. All other tests are LOG. G.Z. - Original Message - From: R. Scott Perry To: [EMAIL PROTECTED] Sent: Wednesday, June 12, 2002 6:10 PM Subject: Re: [Declude.JunkMail] HUGE spool folder I upgraded from IMail 6.06 to IMail 7.1 HF1 a few days ago. Since then, my spool directory has grown by leaps and bounds. It normally runs between 300 and 500 files (I think). Yesterday evening it was at about 1500. Earlier this afternoon it passed 2800. Now it's about 2750. I've moved (a few) files older than 3 days out of the queue, it didn't make any difference -- spool keeps growing. They look like normal T, D, and Q files dated within the last three days, but why are there so many??? I'm not getting any specific complaints about undelivered or missing mail from my users.I am running Declude JunkMail and Virus. Perhaps the extra processing is putting too much of a load on the server?That shouldn't be it -- you should see similar loads on 6.06 and 7.1.Have you checked the spool files to see if there is any pattern to what is in there, to make sure the problem isn't a mail loop, for example?Yesterday afternoon I changed my default $junkmail$.config to HOLD on WEIGHT30. I do think the spool started growing *before* that change, but in case I'm mistaken and it was after, would there be any connection??What was it before? If it was DELETE before, there would be slightly more system load having it at HOLD, but it shouldn't be enough to cause mail delivery to slow down. -Scott---[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]---This E-mail came from the Declude.JunkMail mailing list. Tounsubscribe, just send an E-mail to [EMAIL PROTECTED], andtype "unsubscribe Declude.JunkMail". You can E-mail[EMAIL PROTECTED] for assistance. You can visit our website at http://www.declude.com .
RE: [Declude.JunkMail] HUGE spool folder
Title: Message Are you sure they're not NDR's from Klez? I've been flooded with them. I had to change my SMTP retry to 6 hours. Check for that and also use SpamReview to look at the HOLD items. -Original Message-From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Glenn \ WCNetSent: Wednesday, June 12, 2002 7:14 PMTo: [EMAIL PROTECTED]Subject: Re: [Declude.JunkMail] HUGE spool folder Before changing WEIGHT30 to HOLD, it was WARN. WEIGHT10, 14, and 20 are still WARN. All other tests are LOG. G.Z. - Original Message - From: R. Scott Perry To: [EMAIL PROTECTED] Sent: Wednesday, June 12, 2002 6:10 PM Subject: Re: [Declude.JunkMail] HUGE spool folder I upgraded from IMail 6.06 to IMail 7.1 HF1 a few days ago. Since then, my spool directory has grown by leaps and bounds. It normally runs between 300 and 500 files (I think). Yesterday evening it was at about 1500. Earlier this afternoon it passed 2800. Now it's about 2750. I've moved (a few) files older than 3 days out of the queue, it didn't make any difference -- spool keeps growing. They look like normal T, D, and Q files dated within the last three days, but why are there so many??? I'm not getting any specific complaints about undelivered or missing mail from my users.I am running Declude JunkMail and Virus. Perhaps the extra processing is putting too much of a load on the server?That shouldn't be it -- you should see similar loads on 6.06 and 7.1.Have you checked the spool files to see if there is any pattern to what is in there, to make sure the problem isn't a mail loop, for example?Yesterday afternoon I changed my default $junkmail$.config to HOLD on WEIGHT30. I do think the spool started growing *before* that change, but in case I'm mistaken and it was after, would there be any connection??What was it before? If it was DELETE before, there would be slightly more system load having it at HOLD, but it shouldn't be enough to cause mail delivery to slow down. -Scott---[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]---This E-mail came from the Declude.JunkMail mailing list. Tounsubscribe, just send an E-mail to [EMAIL PROTECTED], andtype "unsubscribe Declude.JunkMail". You can E-mail[EMAIL PROTECTED] for assistance. You can visit our website at http://www.declude.com .
RE: [Declude.JunkMail] HUGE spool folder
We had a situation twice today where IMAIL just quit delivering messages. We sent out a relatively small mailing of 2,000+ messages from another sever but the bounces came back to our Imail server. Each time the server received maybe 200 messages at one time. The declude overflow folder had 100-170 or so and another 30 in the spool. Declude left a number of .vir directories and in Task manager there were many (didn't count them) declude.exe tasks accompanied by an equal number of sniffer.exe tasks. There was not a corresponding SMTP task for each one. Toggling the mail server itself did not help. The messages would not send using the console. Finally I rebooted the server. As soon as it came up the overflow directory emptied and most of the queue emptied except for the 30 or so messages in the queue which were stuck before reboot in some stage of delivery. I had to send them one by one from the console. They all delivered - just took me a few minutes to send them. I think all of them were local deliveries from . In the log files I got a few of these errors new to me anyway: local fail to domain account-main (310) 0 I had to delete the .vir directories. Some had files in them. This is the first time we've seen this in similar mailings. I think it may have something to do with sniffer's interaction with declude when a bunch of messages are moved to the overflow directory. Sniffer is the only significant change we've made in the last few days. Declude seems to be doing what it is supposed to do but something at some point simply stops Imail from delivering certain messages in the spool and then Declude never puts the overflow back until I reboot. We had a morning mailing and an afternoon mailing and the same thing happened in each case. Terry Fritts --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. You can E-mail [EMAIL PROTECTED] for assistance. You can visit our web site at http://www.declude.com .
RE: [Declude.JunkMail] HUGE spool folder
Declude left a number of .vir directories ... Were there any error messages in the log file? If Declude Virus can't delete the .vir directories, there should be a log file entry with more information as to what happened. -Scott --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. You can E-mail [EMAIL PROTECTED] for assistance. You can visit our web site at http://www.declude.com .
Re[2]: [Declude.JunkMail] HUGE spool folder
Forgot to check. Yes - we had these lines coincidental with the incident: --- 06/12/2002 10:04:46 Q62be1d8101fe3fd0 ERROR: Virus scanner didn't finish after 60 seconds; terminating. Then 39 more virus free lines followed by 10 scanner didn't finish lines. Then some more virus free and more didn't finish - until I rebooted. Nothing strange in the JunkMail logs in the morning but these were at the afternoon incident: 06/12/2002 16:57:37 Passing to SMTP1: -v C:\IMail\spool\Qb68b00160216f9ee.SMD 06/12/2002 16:57:41 Passing to SMTP1: -v C:\IMail\spool\Qb68b004c01eaf8a4.SMD Terry Fritts Wednesday, June 12, 2002 you wrote: RSP Were there any error messages in the log file? If Declude Virus can't RSP delete the .vir directories, there should be a log file entry with more RSP information as to what happened. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. You can E-mail [EMAIL PROTECTED] for assistance. You can visit our web site at http://www.declude.com .
Re[2]: [Declude.JunkMail] HUGE spool folder
Forgot to check. Yes - we had these lines coincidental with the incident: --- 06/12/2002 10:04:46 Q62be1d8101fe3fd0 ERROR: Virus scanner didn't finish after 60 seconds; terminating. That would explain the leftover .vir directories. Given the volume you had at the time, it sounds like the CPU was extremely busy, and these may have been valid timeouts. Could those 2,000 E-mails be sent in batches? IMail's architecture makes it handle large volumes of E-mail best when they are batched (whether or not Declude is being used). 06/12/2002 16:57:37 Passing to SMTP1: -v C:\IMail\spool\Qb68b00160216f9ee.SMD 06/12/2002 16:57:41 Passing to SMTP1: -v C:\IMail\spool\Qb68b004c01eaf8a4.SMD Any chance you used the Send One button in IMail Administrator around that time? That message will show up if you have the logging level set to MID or higher, and IMail starts Declude with an extra parameter (-v in this case, which I believe is used with the Send One, and indicates extra logging). -Scott --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. You can E-mail [EMAIL PROTECTED] for assistance. You can visit our web site at http://www.declude.com .
