Re[2]: [Declude.JunkMail] Google Gmail.com
On Thu, 1 Apr 2004 14:02:27 -0700 Brad Morgan <[EMAIL PROTECTED]> wrote: > > > > I'll one-up you here...I've got every E-mail sent and received (minus > a > > few large attachments) since 05/30/1996 on my PC thanks to Netscape :) > > > > Only one-up if you include the size ! > > Brad {01:30:40 Sat Apr 3}{~} $gvl2$:du -hs ./Maildir 806M./Maildir That's just from the 2 years or so since I converted to maildir format. There's still a lot of old mail in mbox format I haven't moved over yet. -- Gerald V. Livingston II Configure your Email to send TEXT ONLY -- See the following page: http://expita.com/nomime.html --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Country Chain
I see your point - but pragmatism may be more appropriate than insistence on ISO country codes. Let's see, there is a E.U. ambassador in Washington: http://www.eurunion.org/ Your State Department has a diplomatic mission at the E.U.: http://www.useu.be/ U.S. Department of Energy lists it among countries: http://www.eia.doe.gov/emeu/cabs/cabswe.html I have a E.U. passport, a E.U. driver's license, you go through E.U. citizen checkpoints at airports, there is a directly elected E.U. parliament, an E.U. executive branch, an E.U. high court, many areas of the national law are superceded by E.U. law, one external border, no internal borders - and now they even have a common currency for the hard-core member states. >From the outside looking in, it may not be a country - but I think the E.U. is a supranational, geographically well-defined political, social, economic and atomic energy country-like entity where it may be technically correct for you to reject the "eu" abbreviation - but from a "real-world" perspective (if spam protection is more important that politics), it may not be productive to mark the use of the official abbreviation "eu" by the authoritative organization (RIPE) as "corrupt". Best Regards Andy Schmidt Phone: +1 201 934-3414 x20 (Business) Fax:+1 201 934-9206 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of R. Scott Perry Sent: Friday, April 02, 2004 07:37 PM To: [EMAIL PROTECTED] Subject: Re: [Declude.JunkMail] Country Chain >Yet - the following country chain was reported: > > 'EU' [corrupt RIPE data]->destination That's actually a bug at RIPE. They are claiming that the IP is registered to a country with the 2-character abbreviation of "EU". Apparently, they are using that to refer to the European Union, but last I checked, that was neither a country nor registered with a 2-character abbreviation. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Last Action = log line
No objections, but to keep the log files smaller in size, maybe this could be added to the beginning of the Tests Failed line. I find the subject and the other message info useful at this log level, as well as the scores for each test, but all of the individual actions, doubling the tests listed, is overkill for my needs and I suspect others. It would be nice not to see the IGNORE and WARN actions, and instead just log things like SUBJECT, COPYTO, ROUTETO, COPYFILE, MAILBOX, HOLD and DELETE. For instance: Current method: 04/01/2004 00:00:18 Qa1dd011201762ec4 MAILPOLICE-BULK:7 SPAMCOP(DYNA):4 SPAMCOP(ALL):2 AHBL-SOURCES:5 FIVETEN-SPAM:2 MPBL-SOURCES:20 NJABL-SOURCES:7 SBL:20 SORBS-SPAM:2 SNIFFER-GETRICH:6 IPINMX:-1 . Total weight = 74. 04/01/2004 00:00:18 Qa1dd011201762ec4 L1 Message OK 04/01/2004 00:00:18 Qa1dd011201762ec4 Subject: Drive for Free Today 04/01/2004 00:00:18 Qa1dd011201762ec4 From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] IP: 69.6.14.109 ID: TAA77989 04/01/2004 00:00:18 Qa1dd011201762ec4 Tests failed [weight=74]: CATCHALLMAILS=WARN MAILPOLICE-BULK=WARN SPAMCOP(DYNA)=WARN SPAMCOP(ALL)=WARN AHBL-SOURCES=WARN FIVETEN-SPAM=WARN MPBL-SOURCES=WARN NJABL-SOURCES=WARN SBL=WARN SORBS-SPAM=WARN NOLEGITCONTENT=IGNORE SNIFFER-GETRICH=WARN IPINMX=WARN DROP-MAILPURE=IGNORE DROP-CAPTURE=ROUTETO DROP-DELIVER=IGNORE DROP-SUBJECT=SUBJECT DROP-RECIPS=WARN Suggested method: 04/01/2004 00:00:18 Qa1dd011201762ec4 L1 Message OK 04/01/2004 00:00:18 Qa1dd011201762ec4 Subject: Drive for Free Today 04/01/2004 00:00:18 Qa1dd011201762ec4 From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] IP: 69.6.14.109 ID: TAA77989 04/01/2004 00:00:18 Qa1dd011201762ec4 [weight=74] MAILPOLICE-BULK:7 SPAMCOP(DYNA):4 SPAMCOP(ALL):2 AHBL-SOURCES:5 FIVETEN-SPAM:2 MPBL-SOURCES:20 NJABL-SOURCES:7 SBL:20 SORBS-SPAM:2 SNIFFER-GETRICH:6 IPINMX:-1. 04/01/2004 00:00:18 Qa1dd011201762ec4 Actions: DROP-CAPTURE=ROUTETO DROP-SUBJECT=SUBJECT Note that I reordered things and placed the total weight in front of the other lines. You could place the last action at the beginning of the "Actions" line for easy parsing, though this could still be grepped if listed last or in the middle. This would cut the file size by 1/3 and make it easier to read. This is an assumption, but I doubt that there are many that are concerned about IGNORE and WARN actions, especially at the medium log level, and all the tests that were hit already appear on another line. Matt R. Scott Perry wrote: Scott, I'd like to make the case for moving the: Last action = ""> log line from the LOGLEVEL HIGH setting down to the LOGLEVEL MED setting. My rationale being that at the MED level, log items are of a granularity appropriate to the entire message, whereas the verbose HIGH setting has a granularity at the test level. That, and it would benefit me personally as I've moved my logging from HIGH to MED so as to avoid the "corrupted overlapping log lines"; I find that the corruption happens very little at the MED setting. I've been using the "Last action = ""moz-txt-link-freetext" href="http://www.declude.com">http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. -- = MailPure custom filters for Declude JunkMail Pro. http://www.mailpure.com/software/ =
RE: [Declude.JunkMail] Last Action = log line
That would be great! For what it's worth, the new verbose weight and test results description line is very handy, too. For example, If I want to count the messages held, I can: egrep -c "Last action = HOLD." dec0316.log whereas if I want to count the number of recipients for those messages, I can: egrep -c " Tests failed .+HOLD" dec0316.log which gives a lot of flexibility without having to get out uniq and cut. Andrew 8) p.s. Many thanks to Bill Landry for getting me hooked on grep. -Original Message- From: R. Scott Perry [mailto:[EMAIL PROTECTED] Sent: Friday, April 02, 2004 4:42 PM To: [EMAIL PROTECTED] Subject: Re: [Declude.JunkMail] Last Action = log line >Scott, I'd like to make the case for moving the: > >Last action = > >log line from the LOGLEVEL HIGH setting down to the LOGLEVEL MED setting. > >My rationale being that at the MED level, log items are of a granularity >appropriate to the entire message, whereas the verbose HIGH setting has a >granularity at the test level. > >That, and it would benefit me personally as I've moved my logging from >HIGH to MED so as to avoid the "corrupted overlapping log lines"; I find >that the corruption happens very little at the MED setting. I've been >using the "Last action = " line to get quick counts of held spam. If nobody objects, we'll change it. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Last Action = log line
Scott, I'd like to make the case for moving the: Last action = log line from the LOGLEVEL HIGH setting down to the LOGLEVEL MED setting. My rationale being that at the MED level, log items are of a granularity appropriate to the entire message, whereas the verbose HIGH setting has a granularity at the test level. That, and it would benefit me personally as I've moved my logging from HIGH to MED so as to avoid the "corrupted overlapping log lines"; I find that the corruption happens very little at the MED setting. I've been using the "Last action = " line to get quick counts of held spam. If nobody objects, we'll change it. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Country Chain
Yet - the following country chain was reported: 'EU' [corrupt RIPE data]->destination That's actually a bug at RIPE. They are claiming that the IP is registered to a country with the 2-character abbreviation of "EU". Apparently, they are using that to refer to the European Union, but last I checked, that was neither a country nor registered with a 2-character abbreviation. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] Last Action = log line
Title: Message Scott, I'd like to make the case for moving the: Last action = ""> log line from the LOGLEVEL HIGH setting down to the LOGLEVEL MED setting. My rationale being that at the MED level, log items are of a granularity appropriate to the entire message, whereas the verbose HIGH setting has a granularity at the test level. That, and it would benefit me personally as I've moved my logging from HIGH to MED so as to avoid the "corrupted overlapping log lines"; I find that the corruption happens very little at the MED setting. I've been using the "Last action = " line to get quick counts of held spam. Andrew 8)
[Declude.JunkMail] Country Chain
Title: Message Hi Scott: Just for your info (I know that you don't control the data). I downloaded a new country.dat file a week ago - so I think I'm relatively current. Yet - the following country chain was reported: 'EU' [corrupt RIPE data]->destination for the following headers: Received: from nhmx01.barcap.com [167.203.49.6] by mail.webhost.hm-software.com with ESMTP (SMTPD32-7.07) id ADC01B330030; Thu, 01 Apr 2004 08:48:48 -0500Received: from nhmx01.barcap.com (localhost [127.0.0.1]) by nhmx01.barcap.com (8.12.10/8.12.10) with ESMTP id i31Djcpm002752 for <[EMAIL PROTECTED]>; Thu, 1 Apr 2004 08:45:38 -0500(EST)Received: from nykpsmeg013.INTRANET.BARCAPINT.COM(nykpsmeg013.nat.barcapint.com [167.203.47.216]) by nhmx01.barcap.com (8.12.10/8.12.10) with ESMTP id i31DjZ22002738 for <[EMAIL PROTECTED]>; Thu, 1 Apr 2004 08:45:36 -0500(EST)Received: from NYKPSMEH001.INTRANET.BARCAPINT.COM (unverified) by nykpsmeg013.INTRANET.BARCAPINT.COM (Content Technologies SMTPRS4.3.10) with ESMTP id <[EMAIL PROTECTED]> ; Thu, 1 Apr 2004 08:48:45 -0500Received: from nykpsmeu001veua.intranet.barcapint.com ([167.203.58.10]) by NYKPSMEH001.INTRANET.BARCAPINT.COM with Microsoft SMTPSVC(5.0.2195.5329) ; Thu, 1 Apr 2004 08:48:45 -0500 Best RegardsAndy SchmidtH&M Systems Software, Inc.600 East Crescent Avenue, Suite 203Upper Saddle River, NJ 07458-1846Phone: +1 201 934-3414 x20 (Business)Fax: +1 201 934-9206http://www.HM-Software.com/
[Declude.JunkMail] spam news in the courtroom
US court skins 'Buffalo Spammer' http://www.theregister.co.uk/content/55/36732.html Two men charged with spam felonies http://www.mercurynews.com/mld/mercurynews/business/7474946.htm --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Gateway and log file questions
I am using declude junkmail on two mail gateways for 5 domains, shouldnt Declude always see mail as outgoing mail? I am seeing this in my logs. Using [incoming] CFG file D:\IMail\Declude\nat.com\$default$.junkmail. If you have a file D:\IMail\Declude\nat.com\$default$.junkmail, Declude JunkMail will use it for E-mail to the nat.com domain, regardless of whether the E-mail is really incoming or outgoing. I am having trouble with some tests being skipped, how does declude know what is incoming and what is outgoing in the config and junkmail file? For outgoing E-mail, the \IMail\Declude\global.cfg file will be used *unless* there are per-user/per-domain settings for the recipient. For incoming E-mail the \IMail\Declude\$default$.JunkMail file will be used *unless* there are per-user/per-domain settings for the recipient. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] Gateway and log file questions
I am using declude junkmail on two mail gateways for 5 domains, shouldnt Declude always see mail as outgoing mail? I am seeing this in my logs. Using [incoming] CFG file D:\IMail\Declude\nat.com\$default$.junkmail. I am having trouble with some tests being skipped, how does declude know what is incoming and what is outgoing in the config and junkmail file? I only have one set of tests defined in each file assuming it will just go with the outgoing, does it look for duplicates or line breaks to determine which is incoming or outgoing? Running current interim 30 and running imail8.05 Rick Davidson National Systems Manager North American Title Group 440-953-9346 - Office 440-953-0925 - Fax 440-487-7344 - Mobile [EMAIL PROTECTED] - --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.