Re: [Declude.JunkMail] NRECIPS variable
I have an custom external test that gets passed the %NRECIPS% variable. The test is never seeing a value for NRECIPS greater than 99. Is there something in the Declude code limiting this value to 99? In some places in Declude JunkMail there is a limit of 100 recipients, which is the recommended maximum number of recipients per E-mail per RFC821. -Scott --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Newbie here, how to send msg from holder mailbox to recipient?
> How do I go about doing this, while trying to keep the header intact so that > the user > sees the msg as if it was never intercepted? I avoid that by using HOLD instead of ROUTETO and then using Spam Review to check the message. If it is legit, simple place it back in the queue. John Tolmachoff MCSE, CSSA IT Manager, Network Engineer RelianceSoft, Inc. Fullerton, CA 92835 www.reliancesoft.com --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Spews is incompetent (well, overzealous at least)
Here Here! I'm not defending them at all but they really should use something other then that kiddy farm newsgroup to communicate with. I really think that's half of their perception problem. Of course their guerilla tactics don't help! > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED]] On Behalf Of > Phillip B. Holmes > Sent: Wednesday, February 05, 2003 8:03 PM > To: [EMAIL PROTECTED] > Subject: RE: [Declude.JunkMail] Spews is incompetent (well, > overzealous at least) > > > Well, > > Nah, they're incompetent, overzealous and irresponsible. > Did I say that out loud? > > I feel like I did my part. Today we helped convinced another > mid-sized provider (http://www.OLM.com) to stop using spews > completely. They implemented spews on 02/03/03 and by > 02/05/03 it was gone. > However, I can't take all the credit. There were PLENTY of > ticked off users and admins reading them the riot act. > > > Regards, > > Phillip B. Holmes > Media Resolutions Inc. > Macromedia Alliance Partner > http://www.mediares.com > [EMAIL PROTECTED] > 1-888-395-4678 > 972-889-0201 > > /* Please send support requests to > [EMAIL PROTECTED] */ > > Failure is not falling down but refusing to get up.--- Chinese Proverb > > > > > > > > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED]] On Behalf Of > Colbeck, Andrew > Sent: Wednesday, February 05, 2003 6:02 PM > To: '[EMAIL PROTECTED]' > Subject: [Declude.JunkMail] Spews is incompetent (well, overzealous at > least) > > > Check out this article if you haven't already. > http://www.theregister.co.uk/content/6/29159.html The link to the Newsgroup message thread for pro vs. con is worth a read, and includes some gems. The short of it is that spews.org often lists a much bigger netblock than they need to, on the philosophy that users of their system prefer to not deal at all with an ISP that is receiving income by hosting a spammer. For similar reasons, even though it's a pretty darn big ISP through acquisitions, my ISP is listed in XBL and BLARS for a very small number of spammer infractions. I use OSSRC but give it a relatively low weight due to the likelihood of throwing the baby out with the bathwater. Andrew. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- [This E-mail scanned for viruses by F-Proto Virus Scanner] --- [This E-mail scanned for viruses by F-Proto Virus Scanner] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] NRECIPS variable
Is there a way I can get access to the real number of recipients even if it is over 100 (without parsing the Q*.SMD file)? Perhaps a new variable %NTOTALRECIPS% ? -Original Message- From: "R. Scott Perry" Sent: Thu, 06 Feb 2003 08:11:50 -0500 Subject: Re: [Declude.JunkMail] NRECIPS variable >I have an custom external test that gets passed the %NRECIPS% >variable. The test is never seeing a value for NRECIPS greater than >99. Is there something in the Declude code limiting this value to 99? In some places in Declude JunkMail there is a limit of 100 recipients, which is the recommended maximum number of recipients per E-mail per RFC821. -Scott --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Filter on Body question
Scott, What about if you have SUBJECT 5 CONTAINS LINKS also? With that count twice? so will it fail the SUBJECT if it has links in the subject, and BODY if the body has links in it? Or does it stop when it fails whichever is listed first? Paul > It will only count it once. So an E-mail with a body of "Here are some > links" will be treated exactly the same as an E-mail with a body of "Here > are some links to links." > -Scott > > --- > [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] > > --- > This E-mail came from the Declude.JunkMail mailing list. To > unsubscribe, just send an E-mail to [EMAIL PROTECTED], and > type "unsubscribe Declude.JunkMail". The archives can be found > at http://www.mail-archive.com. > --- > [This E-mail scanned for viruses by Declude Virus] > > > --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Filter on Body question
What about if you have SUBJECT 5 CONTAINS LINKS also? Each line in a filter will only be counted once. However: so will it fail the SUBJECT if it has links in the subject, and BODY if the body has links in it? Or does it stop when it fails whichever is listed first? If you have 2 separate lines -- "SUBJECT 5 CONTAINS links" and "BODY 5 CONTAINS links", each one will count, so if both the subject and the body contain "links", then 10 will get added to the weight of the E-mail. -Scott --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] NRECIPS variable
Is there a way I can get access to the real number of recipients even if it is over 100 (without parsing the Q*.SMD file)? Perhaps a new variable %NTOTALRECIPS% ? In the next release, %NRECIPS% will reflect the actual number of recipients, without the limit of 100 being imposed. -Scott --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] NRECIPS variable
Awesome! Thanks Scott. -Original Message- From: "R. Scott Perry" Sent: Thu, 06 Feb 2003 10:14:30 -0500 Subject: Re: [Declude.JunkMail] NRECIPS variable >Is there a way I can get access to the real number of recipients even if >it is over 100 (without parsing the Q*.SMD file)? >Perhaps a new variable %NTOTALRECIPS% ? In the next release, %NRECIPS% will reflect the actual number of recipients, without the limit of 100 being imposed. -Scott --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] Log Analyzer - Comments Needed
*Sorry if this is outside the realm in which the forum should be used. Several of my customers have started asking me for reports on what Declude is blocking for their domain or a certain user. Obtaining this information was challenging manually sifting through the logs - to say the least. I then decided to write an analyzer that could accomplish what I needed. It's a good portion of the way wrote, and I am thinking about making it public at some point when it is completely finished. However, I was looking for features that people would like that I may not have thought of at this point. Currently right now it can do the following 1.) Report on Number of messages that fails each test. 2.) Comprehensive reporting on each individual tests. Reports can be generated based on (to, from, domain, subjects, date, time). 3.) Report on individual domains and which messages failed which tests 4.) Report on individual users and which messages failed which tests. 5.) It is a console application written in C# (.net). It is self contained and does not need any external databases like SQL Server or MSDE. Things Still to be added 1.) Ability to email the reports Thanks Darrell --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] New spam propagation
Lately, one of our clients has been getting adult spam every day that passes all tests except SPAMHEADERS and SPAMCHECK with a SPAMCHECK weight of 6, so it passes. Looking through the source code in the body, the only pattern I found was that the example name changed every day but was always a legit example name prefixed by http_:_//_links_2.1 without the underscores. They are registering example names exactly like legit ones but they all have 1 in front, like 1example.com and 1msn.com and so forth. What I have done then is added to my grayfilter the following line: BODY 50 CONTAINS http_:_//_links_2.1 (without the underscores) Anybody think of a better way to catch things like this? Here is the full body source, innocent protected: (underscores added) #
John Tolmachoff MCSE, CSSA IT Manager, Network Engineer RelianceSoft, Inc. Fullerton, CA 92835 www.reliancesoft.com
[Declude.JunkMail] Action for Multiple Tests
Is there a way to bounce messages based on the failure of multiple tests? Philip Butler Internal Systems Engineer Region VI ESC phone 936.435.2503 fax 936.295.1447 [EMAIL PROTECTED] --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Action for Multiple Tests
Is there a way to bounce messages based on the failure of multiple tests? You can, using the weighting system. However, it is NOT RECOMMENDED. Bouncing E-mail should *ONLY* been done when there is a very good chance that it is legitimate mail (which is why bouncing should rarely be used -- few people intentionally bounce valid E-mail). Specifically, since nearly 99% of spam is sent with bogus return addresses, you just end up making the spam problem worse. For example, if you receive 1,000 spams a day that are caught (held) with the WEIGHT20 test, and then today change that action to bounce the E-mail, you are increasing spam worldwide by 1,000 spams a day. That's bad. -Scott --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Action for Multiple Tests
> 99% of spam is sent with bogus return addresses, you just end up making the > spam problem worse. For example, if you receive 1,000 spams a day that are > caught (held) with the WEIGHT20 test, and then today change that action to > bounce the E-mail, you are increasing spam worldwide by 1,000 spams a > day. That's bad. I have it set so WEIGHT 10 marks it (in headers, I should do this in the subject), WEIGHT 15 bounces and WEIGHT 20 deletes it. It works for me so far. I do get some responses from people on bounced email and I do my best to help them and/or whitelist their email address. Sheldon Sheldon Koehler, Owner/Partnerhttp://www.tenforward.com Ten Forward Communications 360-457-9023 Nationwide access, neighborhood support! "Whenever you find yourself on the side of the majority, it's time to pause and reflect." Mark Twain --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Action for Multiple Tests
> 99% of spam is sent with bogus return addresses, you just end up making the > spam problem worse. For example, if you receive 1,000 spams a day that are > caught (held) with the WEIGHT20 test, and then today change that action to > bounce the E-mail, you are increasing spam worldwide by 1,000 spams a > day. That's bad. I have it set so WEIGHT 10 marks it (in headers, I should do this in the subject), WEIGHT 15 bounces and WEIGHT 20 deletes it. It works for me so far. I do get some responses from people on bounced email and I do my best to help them and/or whitelist their email address. The problem isn't with the legitimate mail -- it's with the real spam. If you bounce 1,000 spams per day (rather than hold them), you're contributing to the spam problem (essentially being a spammer yourself, as you are sending out unwanted E-mail). Imagine if a spammer sends out 1,000,000 E-mails with *YOUR* return address. How are you going to feel about the company or ISP that bounces that spam to you? -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Declude Virus: Catches both viruses and vulnerabilities in E-mail, with no annual licensing fees. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Action for Multiple Tests
> Imagine if a spammer sends out 1,000,000 E-mails with *YOUR* return > address. How are you going to feel about the company or ISP that bounces > that spam to you? I have adjusted my weights enough that the real spam does get trashed for the most part. But the bounce messages help me know about the false positives and people really do appreciate it when I help them get their mail server fixed. And I had to laugh when postmaster was a spammer a couple weeks ago :) My postmaster box was real busy for a few days! Sheldon Sheldon Koehler, Owner/Partnerhttp://www.tenforward.com Ten Forward Communications 360-457-9023 Nationwide access, neighborhood support! "Whenever you find yourself on the side of the majority, it's time to pause and reflect." Mark Twain --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] Whitelist TO
I have a user that I need to deliver 1000 held spam messages to. The user is on a "Store and Forward" domain. If I just copy the Q/D's back into the spool folder will not Declude Pro just stop them again? I assume I need to temporarily add a Whitelist To. Do I do this in global.cfg for this user or do I need to create the domain subfolder and do it in there? Thanks David --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Declude JunkMail v1.67 (beta) released
on 2/4/03 1:23 PM, R. Scott Perry wrote: >> Would it be possible to change the format to this? >> >> COMMENTS comments 5 x 10 0 >> COMMENTS comments 5 weight 10 0 >> >> Where the number is the minimum needed to fail the test. >> The second value indicates whether or not the admin wants a cumulative >> weight. >> The third and forth values indicate base weights as normal. > > I'll check to see if we may be able to do that. Is this request available in the latest interim release or are you still checking into it? Thanks, Greg --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Whitelist TO
They only get scanned once, so copy away. John Tolmachoff MCSE, CSSA IT Manager, Network Engineer RelianceSoft, Inc. Fullerton, CA 92835 www.reliancesoft.com > -Original Message- > From: [EMAIL PROTECTED] [mailto:Declude.JunkMail- > [EMAIL PROTECTED]] On Behalf Of David Sullivan > Sent: Thursday, February 06, 2003 12:48 PM > To: [EMAIL PROTECTED] > Subject: [Declude.JunkMail] Whitelist TO > > I have a user that I need to deliver 1000 held spam messages to. The user > is on a "Store and Forward" domain. > If I just copy the Q/D's back into the spool folder will not Declude Pro > just stop them again? > > I assume I need to temporarily add a Whitelist To. Do I do this in > global.cfg for this user or do I need to create the domain subfolder and do > it in there? > > Thanks > > David > > --- > [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] > > --- > This E-mail came from the Declude.JunkMail mailing list. To > unsubscribe, just send an E-mail to [EMAIL PROTECTED], and > type "unsubscribe Declude.JunkMail". The archives can be found > at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Whitelist TO
They only get scanned once, so copy away. So even with Pro, all I need to do is drop them back in the Spool folder and they'll get automatically delivered? This worked with Standard but I thought we ran into a problem when we tried this with Pro since it does outbound filtering as well. Thanks David --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Whitelist TO
I have a user that I need to deliver 1000 held spam messages to. The user is on a "Store and Forward" domain. If I just copy the Q/D's back into the spool folder will not Declude Pro just stop them again? No, it will not -- Declude will automatically ignore any E-mail that has already been scanned. -Scott --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Declude JunkMail v1.67 (beta) released
>> Would it be possible to change the format to this? >> >> COMMENTS comments 5 x 10 0 >> COMMENTS comments 5 weight 10 0 >> >> Where the number is the minimum needed to fail the test. >> The second value indicates whether or not the admin wants a cumulative >> weight. >> The third and forth values indicate base weights as normal. > > I'll check to see if we may be able to do that. Is this request available in the latest interim release or are you still checking into it? There still isn't a final answer on this one. -Scott --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Whitelist TO
> No, it will not -- Declude will automatically ignore any E-mail that has > already been scanned. Does it look at headers and not re-scan or is Declude called in the process before Imail writes the Q file? David --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Whitelist TO
> No, it will not -- Declude will automatically ignore any E-mail that has > already been scanned. Does it look at headers and not re-scan or is Declude called in the process before Imail writes the Q file? Neither, actually. :) When an E-mail arrives, IMail places it in the spool directory, and then calls Declude (which scans the E-mail, and sends it back to IMail for delivery). When IMail does a "queue run" (going through the queue to re-try E-mail that has been tried before), or when individual E-mails that are already in the spool are sent out (using "Send One" in the IMail Administrator), IMail will still call Declude -- but in these cases, Declude sees that IMail is processing an E-mail that has already been processed (based on what IMail tells Declude), and Declude stops the scan there. -Scott --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Whitelist TO
> the spool are sent out (using "Send One" in the IMail Administrator), IMail > will still call Declude -- but in these cases, Declude sees that IMail is > processing an E-mail that has already been processed (based on what IMail > tells Declude), and Declude stops the scan there. Thanks for the clarification. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Log Analyzer - Comments Needed
Darrell, That is awesome. I get those same requests from our clients weekly. I appreciate your time in writing it. Keith > -Original Message- > From: Darrell L. [mailto:[EMAIL PROTECTED]] > Sent: Thursday, February 06, 2003 11:35 AM > To: [EMAIL PROTECTED] > Subject: [Declude.JunkMail] Log Analyzer - Comments Needed > > > *Sorry if this is outside the realm in which the forum should be used. > > Several of my customers have started asking me for reports on > what Declude is blocking for their domain or a certain user. > Obtaining this information was challenging manually sifting > through the logs - to say the least. I then decided to write > an analyzer that could accomplish what I needed. > > It's a good portion of the way wrote, and I am thinking about > making it public at some point when it is completely finished. > > However, I was looking for features that people would like > that I may not have thought of at this point. > > Currently right now it can do the following > > 1.) Report on Number of messages that fails each test. > 2.) Comprehensive reporting on each individual tests. > Reports can be generated based on (to, from, domain, > subjects, date, time). > 3.) Report on individual domains and which messages failed which tests > 4.) Report on individual users and which messages failed which tests. > 5.) It is a console application written in C# (.net). It is > self contained and does not need any external databases like > SQL Server or MSDE. > > Things Still to be added > 1.) Ability to email the reports > > > Thanks > Darrell > > --- > [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Log Analyzer - Comments Needed
> However, I was looking for features that people would like that I may > not have thought of at this point. > Things Still to be added > 1.) Ability to email the reports Darrell, I like your list so far. Can the email be a small summary and how hard would it be to have a web page for the detailed stats? For example, I get today's email and see a big spike and want to see why and I just click on the link in the email... Can you include Virus info as well? Sheldon Sheldon Koehler, Owner/Partnerhttp://www.tenforward.com Ten Forward Communications 360-457-9023 Nationwide access, neighborhood support! "Whenever you find yourself on the side of the majority, it's time to pause and reflect." Mark Twain --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Action for Multiple Tests
That makes sense. So if I just want to HOLD or DELETE it, is there a good reference document that I can look at which will demonstrate how to use the weighted system to respond to messages which fail multiple tests? Philip Butler Internal Systems Engineer Region VI ESC phone 936.435.2503 fax 936.295.1447 [EMAIL PROTECTED] -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of R. Scott Perry Sent: Thursday, February 06, 2003 1:21 PM To: [EMAIL PROTECTED] Subject: Re: [Declude.JunkMail] Action for Multiple Tests >Is there a way to bounce messages based on the failure of multiple tests? You can, using the weighting system. However, it is NOT RECOMMENDED. Bouncing E-mail should *ONLY* been done when there is a very good chance that it is legitimate mail (which is why bouncing should rarely be used -- few people intentionally bounce valid E-mail). Specifically, since nearly 99% of spam is sent with bogus return addresses, you just end up making the spam problem worse. For example, if you receive 1,000 spams a day that are caught (held) with the WEIGHT20 test, and then today change that action to bounce the E-mail, you are increasing spam worldwide by 1,000 spams a day. That's bad. -Scott --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Action for Multiple Tests
That makes sense. So if I just want to HOLD or DELETE it, is there a good reference document that I can look at which will demonstrate how to use the weighted system to respond to messages which fail multiple tests? What are you looking to do? The weighting system works by assigning a "spam weight" to each E-mail, based on the tests that it fails. For example, if it fails the BADHEADERS test (which has a weight of 8 by default) and the DSBL test (which has a weight of 6 by default), the total "spam weight" for the E-mail would be 14 (8 plus 6). If you wanted to hold all incoming E-mail with a weight of 20 or higher, you would then add the following line to your \IMail\Declude\$default$.JunkMail file: WEIGHT10HOLD -Scott --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
Re[2]: [Declude.JunkMail] New Tests?
> CYBERsitter, now known as SpamManager, is being beta tested by a > number of us with excellent results. It is coming close to being > released. Some information may be found here, www.spammanager.com. Hey, SPAManager's my trademark! No fair! :)) -Sandy Sanford Whiteman, Chief Technologist Broadleaf Systems, a division of Cypress Integrated Systems, Inc. e-mail: [EMAIL PROTECTED] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Newbie here, how to send msg from holder mailbox to recipient?
Steve, If I am not mistaken (Scott can correct me), since Declude has already looked at it once, you can forward this to the intended user and it won't get scanned again by JunkMail. Keith -Original Message- From: Steve Jensen [mailto:[EMAIL PROTECTED]] Sent: Wed 2/5/2003 9:51 PM To: [EMAIL PROTECTED] Cc: Subject: [Declude.JunkMail] Newbie here, how to send msg from holder mailbox to recipient? So I am running the weight10 test, and doing a ROUTETO to a mailbox called [EMAIL PROTECTED] I have some legit messages in the box, that I need to get to the intended users here at work. How do I go about doing this, while trying to keep the header intact so that the user sees the msg as if it was never intercepted? Thanks Steve Jensen --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. <>
RE: [Declude.JunkMail] Spews is incompetent (well, overzealous at least)
Mark, I may be off base here, but I am almost positive that spews.org offers no way of communicating with people. There is no way to contact them. Regards, Phillip B. Holmes Media Resolutions Inc. Macromedia Alliance Partner http://www.mediares.com [EMAIL PROTECTED] 1-888-395-4678 972-889-0201 /* Please send support requests to [EMAIL PROTECTED] */ Failure is not falling down but refusing to get up.--- Chinese Proverb -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Mark Smith Sent: Thursday, February 06, 2003 8:38 AM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] Spews is incompetent (well, overzealous at least) Here Here! I'm not defending them at all but they really should use something other then that kiddy farm newsgroup to communicate with. I really think that's half of their perception problem. Of course their guerilla tactics don't help! > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED]] On Behalf Of > Phillip B. Holmes > Sent: Wednesday, February 05, 2003 8:03 PM > To: [EMAIL PROTECTED] > Subject: RE: [Declude.JunkMail] Spews is incompetent (well, > overzealous at least) > > > Well, > > Nah, they're incompetent, overzealous and irresponsible. > Did I say that out loud? > > I feel like I did my part. Today we helped convinced another > mid-sized provider (http://www.OLM.com) to stop using spews > completely. They implemented spews on 02/03/03 and by > 02/05/03 it was gone. > However, I can't take all the credit. There were PLENTY of > ticked off users and admins reading them the riot act. > > > Regards, > > Phillip B. Holmes > Media Resolutions Inc. > Macromedia Alliance Partner > http://www.mediares.com > [EMAIL PROTECTED] > 1-888-395-4678 > 972-889-0201 > > /* Please send support requests to > [EMAIL PROTECTED] */ > > Failure is not falling down but refusing to get up.--- Chinese Proverb > > > > > > > > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED]] On Behalf Of > Colbeck, Andrew > Sent: Wednesday, February 05, 2003 6:02 PM > To: '[EMAIL PROTECTED]' > Subject: [Declude.JunkMail] Spews is incompetent (well, overzealous at > least) > > > Check out this article if you haven't already. > http://www.theregister.co.uk/content/6/29159.html The link to the Newsgroup message thread for pro vs. con is worth a read, and includes some gems. The short of it is that spews.org often lists a much bigger netblock than they need to, on the philosophy that users of their system prefer to not deal at all with an ISP that is receiving income by hosting a spammer. For similar reasons, even though it's a pretty darn big ISP through acquisitions, my ISP is listed in XBL and BLARS for a very small number of spammer infractions. I use OSSRC but give it a relatively low weight due to the likelihood of throwing the baby out with the bathwater. Andrew. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- [This E-mail scanned for viruses by F-Proto Virus Scanner] --- [This E-mail scanned for viruses by F-Proto Virus Scanner] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. BEGIN:VCARD VERSION:2.1 N:Holmes;Phillip;B. FN:Phillip B. Holmes ([EMAIL PROTECTED]) ORG:Media Resolutions Inc.;IT TITLE:Vice-President TEL;WORK;VOICE:(972) 889-0201 TEL;CELL;VOICE:214-995-6175 ADR;WORK;ENCODING=QUOTED-PRINTABLE:;1-888-395-4678;16415 Addison=0D=0ASuite 610;Addison;TX;75001;United States = of America LABEL;WORK;ENCODING=QUOTED-PRINTABLE:1-888-395-4678=0D=0A16415 Addison=0D=0ASuite 610=0D=0AAddison, TX 75001=0D= =0AUnited States of America URL;WORK:http://www.mediaresolutions.com EMAIL;PREF;INTERNET:[EMAIL PROTECTED] REV:20021128T173226Z END:VCARD
[Declude.JunkMail] newbie progress
the HOLD command did the trick. Keith, I didn't understand your suggestion. If i run declude, and it does a HOLD on a particular msg that turns out to be legit, it still requires my intervention. I go in the spam dir, look at the msg, see it's legit and dragndrop to the spool dir. Is there a way to do it other than this? Steve --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] newbie progress
spamreview from slsoft.com http://www.slsoft.com/spamreview.htm Donate to the guy. Love the program. Only have one wish and that is the ability to create filters with wildcards. Best regards, Eje Gustafsson mailto:[EMAIL PROTECTED] The Family Entertainment Network http://www.fament.com Phone : 620-231- Fax : 620-231-4066 - Your Full Time Professionals - eBay UserID : macahan -- SJ> the HOLD command did the trick. SJ> Keith, I didn't understand your suggestion. SJ> If i run declude, and it does a HOLD on a particular msg that turns out to SJ> be legit, SJ> it still requires my intervention. I go in the spam dir, look at the msg, SJ> see it's legit and SJ> dragndrop to the spool dir. SJ> Is there a way to do it other than this? SJ> Steve SJ> --- SJ> [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] SJ> --- SJ> This E-mail came from the Declude.JunkMail mailing list. To SJ> unsubscribe, just send an E-mail to [EMAIL PROTECTED], and SJ> type "unsubscribe Declude.JunkMail". The archives can be found SJ> at http://www.mail-archive.com. SJ> --- SJ> [This E-mail scanned for viruses by Declude Virus] --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] Error in Declude log file
This is what I’m getting in my Declude log: 02/07/2003 02:00:05 Warning: misconfiguration in following line in global.cfg file (ip4r is not an ACTION) 02/07/2003 02:00:05 DSBL ip4r list.dsbl.org * 6 0 This is the line in my global.cfg file that I copied and pasted from the latest available global.cfg file on the declude site DSBL ip4r list.dsbl.org * 6 0 MONKEYFORMMAIL ip4r formmail.relays.monkeys.com * 7 0 I have since commented it out with the # sign. Any ideas on what is wrong with that line? Thanks - Marc
