Re: [Declude.JunkMail] Auto White Listing
Scott added this in 1.76 beta: BYPASSWHITELIST bypasswhitelisting 20 3 0 0 This tries to defeat this if the email has a weight of 20 and has 3 or more recipients. I enabled it right away and have not seen the usual emails I had been getting because one of my users is whitelisting [EMAIL PROTECTED] Sheldon Sheldon Koehler, Owner/Partnerhttp://www.tenforward.com Ten Forward Communications 360-457-9023 Nationwide access, neighborhood support! "Whenever you find yourself on the side of the majority, it's time to pause and reflect." Mark Twain --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Log to syslog option
Scott, any more thought of adding the option to logging to a syslog? Not at this time, mainly because of the amount of work that would need to go into creating the option and testing it. At this point, new methods of detecting spam will take priority. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you've been missing: Ask about our free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Auto White Listing
Jonathan wrote: If this is the case, then the second part of Scott's explanation doesn't make sense. Why didn't he just say, "Yes, once it's in someone's address book, then it's whitelisted for everyone on all the domains on that server". Also, this seems like a pretty good way to circumvent spam filters. Sign up to a service, get on their web mail, add to the address book, and spam away. I spose that's why you have the option of disabling it. Comments? You would think if spammers went through that type of trouble you would think that they would create graphic only spam to circumvent keywords with disposable domains for redirection, put together RFC compliant headers and send E-mail from open relays that were undiscovered by the various RBL's, yet very, very few do this type of thing. It's because these guys are lazy and dumb that 95%+ of their spam can get blocked by an administrator with less than $1,000 worth of software and a moderate degree of knowledge. In other words, no one is going to track down the practices on your particular server unless possibly you host hundreds of thousands of addresses. Matt --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Auto White Listing
- Original Message - From: "Jonathan" <[EMAIL PROTECTED]> > If this is the case, then the second part of Scott's explanation doesn't > make sense. Why didn't he just say, "Yes, once it's in someone's address > book, then it's whitelisted for everyone on all the domains on that > server". Also, this seems like a pretty good way to circumvent spam > filters. Sign up to a service, get on their web mail, add to the address > book, and spam away. I spose that's why you have the option of disabling it. In reality, someone would have to know all of our users e-mail addresses and list every one of them as a recipient to the message in order for your scenario to work. Bill --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Auto White Listing
> > > >With the auto whitelist feature, the way I understand it, any address in > > > >any user's address book will be whitelisted for *that* user, right? > > > > > > Correct. > > > >Not completly correct. It will whitelist the entire email. So if the email > >was sent to 3 people on the server and one has it whitelisted, it would > >whitelist the email for all recipients of the email. > > > >Scott, you always forget to mention that. > > > If this is the case, then the second part of Scott's explanation doesn't > make sense. Why didn't he just say, "Yes, once it's in someone's address > book, then it's whitelisted for everyone on all the domains on that > server". Also, this seems like a pretty good way to circumvent spam > filters. Sign up to a service, get on their web mail, add to the address > book, and spam away. I spose that's why you have the option of disabling it. The limitation if you want to call it that is in the way e-mail is handled by the SMTP services. It has nothing to do with Declude perse. When a message is received by the Imail SMTP service, it creates one Q file and one D file, no matter how many local recipients. When the Declude tests run, it must take action on the message itself, irregardless of how many recipients. That has been discussed before. Again, the issue is caused by the SMTP service on all e-mail servers. Now, there is consideration on how this can be handled in either Declude or otherwise. John Tolmachoff MCSE CSSA Engineer/Consultant eServices For You www.eservicesforyou.com --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Auto White Listing
> If this is the case, then the second part of Scott's > explanation doesn't > make sense. Why didn't he just say, "Yes, once it's in > someone's address > book, then it's whitelisted for everyone on all the domains on that > server". Also, this seems like a pretty good way to circumvent spam > filters. Sign up to a service, get on their web mail, add to > the address > book, and spam away. I spose that's why you have the option > of disabling it. > > Comments? > If someone adds the senders e-mail it only whitelists that e-mail when the recipient is in the e-mail. If I whitelist [EMAIL PROTECTED], they can always send me e-mail. But they can't always send e-mail to my neighbor on the same service. The exception to this is if they included me in any correspondence they sent to my neighbor. I agree that in theory, you scenario has a slight potential for abuse, but as an "on the ball" admin, you should be able to easily spot this kind of abuse. Plus, spammers already have to spend money for their lists/transmission/etc., do you think they would really want to sign up to your service, just to knowingly be able to whitelist your few e-mail addresses he has in his lists? Probably not, unless he has 100,000 of your e-mail addresses. Jason --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Auto White Listing
At 01:15 PM 9/27/2003, you wrote: > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] Behalf Of R. Scott Perry > Sent: Saturday, September 27, 2003 5:12 AM > To: [EMAIL PROTECTED] > Subject: Re: [Declude.JunkMail] Auto White Listing > > > > >With the auto whitelist feature, the way I understand it, any address in > >any user's address book will be whitelisted for *that* user, right? > > Correct. Not completly correct. It will whitelist the entire email. So if the email was sent to 3 people on the server and one has it whitelisted, it would whitelist the email for all recipients of the email. Scott, you always forget to mention that. If this is the case, then the second part of Scott's explanation doesn't make sense. Why didn't he just say, "Yes, once it's in someone's address book, then it's whitelisted for everyone on all the domains on that server". Also, this seems like a pretty good way to circumvent spam filters. Sign up to a service, get on their web mail, add to the address book, and spam away. I spose that's why you have the option of disabling it. Comments? > > >So, what if the email is sent to an alias, which resolves to that > >user. Is the "spam" blocked when it comes into the alias? or > does it see > >that it ultimately hits that user, and allow it? > > As with the per-user settings, the address that the alias > resolves to will > be used. > > -Scott > --- > Declude JunkMail: The advanced anti-spam solution for IMail mailservers. > Declude Virus: Catches known viruses and is the leader in mailserver > vulnerability detection. > Find out what you've been missing: Ask about our free 30-day evaluation. > > --- > [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] Log to syslog option
Scott, any more thought of adding the option to logging to a syslog? John Tolmachoff MCSE CSSA Engineer/Consultant eServices For You www.eservicesforyou.com --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Foreign Characters and Declude
And something else that formerly confused me and you pointed out...Roger should make sure that the subject line wasn't base64 encoded by checking out the source of the E-mail since the subject (and the rest of the headers) isn't decoded for filtering.. Matt R. Scott Perry wrote: R> You should be able to filter on those words, if you include the foreign R> characters in your filter file (assuming you are running 1.75 or later -- R> some previous versions wouldn't work with foreign characters in the filter R> files). It doesn't. I have had messages passing right through on very simple word formats like: SUBJECT 13 CONTAINS yöur I just tested a filter with this line in it (with 1.76i4, although 1.75 and 1.76 should work the same), and it worked. Are you sure there are no spaces/tabs at the end of the line? Are other lines in the filter working (if not, the test may not be set up correctly)? -Scott --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
Re[3]: [Declude.JunkMail] Foreign Characters and Declude
R> You should be able to filter on those words, if you include the foreign R> characters in your filter file (assuming you are running 1.75 or later -- R> some previous versions wouldn't work with foreign characters in the filter R> files). It doesn't. I have had messages passing right through on very simple word formats like: SUBJECT 13 CONTAINS yöur I just tested a filter with this line in it (with 1.76i4, although 1.75 and 1.76 should work the same), and it worked. Are you sure there are no spaces/tabs at the end of the line? Are other lines in the filter working (if not, the test may not be set up correctly)? -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you've been missing: Ask about our free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Auto White Listing
> -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] Behalf Of R. Scott Perry > Sent: Saturday, September 27, 2003 5:12 AM > To: [EMAIL PROTECTED] > Subject: Re: [Declude.JunkMail] Auto White Listing > > > > >With the auto whitelist feature, the way I understand it, any address in > >any user's address book will be whitelisted for *that* user, right? > > Correct. Not completly correct. It will whitelist the entire email. So if the email was sent to 3 people on the server and one has it whitelisted, it would whitelist the email for all recipients of the email. Scott, you always forget to mention that. > > >So, what if the email is sent to an alias, which resolves to that > >user. Is the "spam" blocked when it comes into the alias? or > does it see > >that it ultimately hits that user, and allow it? > > As with the per-user settings, the address that the alias > resolves to will > be used. > > -Scott > --- > Declude JunkMail: The advanced anti-spam solution for IMail mailservers. > Declude Virus: Catches known viruses and is the leader in mailserver > vulnerability detection. > Find out what you've been missing: Ask about our free 30-day evaluation. > > --- > [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
Re[3]: [Declude.JunkMail] Foreign Characters and Declude
Reply to: R. Scott Perry Re: [Declude.JunkMail] Foreign Characters and Declude on Saturday 7:09:47 AM It doesn't. I have had messages passing right through on very simple word formats like: SUBJECT 13 CONTAINS yöur SUBJECT 600 CONTAINS Löw SUBJECT 600 CONTAINS äpproved SUBJECT 600 CONTAINS Räte SUBJECT 600 CONTAINS Evëry SUBJECT 600 CONTAINS Herë -- Roger Heath [EMAIL PROTECTED] www.rleeheath.com - Copy of Original Message(s): - >>I want to enable foreign characters but filter on their >>exact words. It sounds like these character sets are not >>'viewed' and filtered in Declude? R> You should be able to filter on those words, if you include the foreign R> characters in your filter file (assuming you are running 1.75 or later -- R> some previous versions wouldn't work with foreign characters in the filter R> files). -- ActivatorMail(tm) ver.00922031 Scanned for all viruses by www.activatormail.com intelligent anti-virus anti-spam service --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Auto White Listing
With the auto whitelist feature, the way I understand it, any address in any user's address book will be whitelisted for *that* user, right? Correct. So, what if the email is sent to an alias, which resolves to that user. Is the "spam" blocked when it comes into the alias? or does it see that it ultimately hits that user, and allow it? As with the per-user settings, the address that the alias resolves to will be used. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you've been missing: Ask about our free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
Re[2]: [Declude.JunkMail] Foreign Characters and Declude
I want to enable foreign characters but filter on their exact words. It sounds like these character sets are not 'viewed' and filtered in Declude? You should be able to filter on those words, if you include the foreign characters in your filter file (assuming you are running 1.75 or later -- some previous versions wouldn't work with foreign characters in the filter files). -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you've been missing: Ask about our free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] Auto White Listing
I'm sure this has been asked before, but I didn't see anything about it in the archives: With the auto whitelist feature, the way I understand it, any address in any user's address book will be whitelisted for *that* user, right? So, what if the email is sent to an alias, which resolves to that user. Is the "spam" blocked when it comes into the alias? or does it see that it ultimately hits that user, and allow it? Thanks, Jonathan --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.